locked
Cookieless & URL is too long RRS feed

  • Question

  • User1069166212 posted

    Hello,

    At our asp.net enviroment we are using cookieless sessionstate and there are cases where the url is too long and getting the error:

    "Exception of type 'System.Web.HttpUnhandledException' was thrown.The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must be less than 248 characters."

    Is there any work around on this?




    Sunday, June 16, 2013 1:50 PM

Answers

  • User1779161005 posted

    We had cases (we believe some rare cases Win7/IE8) where the login does not work with cookieless. By not working i mean.... after setting up FormsAuthentication.SetAuthCookie(username, false); user gets redirected back to the login screen... instead of getting authenticated.

    So, we have thought to use cookieless in those cases.

    Ok, so session state has nothing to do with forms authentication -- those are two different cookies for two different purposes.

    I guess I'd suggest going back and really tracking down your cookie issue (which ever one you're actually using, or both?). It might be the lack of SSL or a router dropping the cookies or the browser not configured to send the cookies. But cookies is by far more secure so you should get that sorted and stop using cookieless.

    G'dluck.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 16, 2013 2:39 PM

All replies

  • User1779161005 posted

    Is there a good reason you're using cookieless? It's discouraged from use due to the security issues:

    http://brockallen.com/2012/04/08/cookieless-session-considered-dangerous/

    Sunday, June 16, 2013 2:03 PM
  • User1069166212 posted

    We had cases (we believe some rare cases Win7/IE8) where the login does not work with cookieless. By not working i mean.... after setting up FormsAuthentication.SetAuthCookie(username, false); user gets redirected back to the login screen... instead of getting authenticated.

    So, we have thought to use cookieless in those cases.

    Sunday, June 16, 2013 2:23 PM
  • User1779161005 posted

    We had cases (we believe some rare cases Win7/IE8) where the login does not work with cookieless. By not working i mean.... after setting up FormsAuthentication.SetAuthCookie(username, false); user gets redirected back to the login screen... instead of getting authenticated.

    So, we have thought to use cookieless in those cases.

    Ok, so session state has nothing to do with forms authentication -- those are two different cookies for two different purposes.

    I guess I'd suggest going back and really tracking down your cookie issue (which ever one you're actually using, or both?). It might be the lack of SSL or a router dropping the cookies or the browser not configured to send the cookies. But cookies is by far more secure so you should get that sorted and stop using cookieless.

    G'dluck.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 16, 2013 2:39 PM