none
IIS Express & Sessions

    Question

  • I'm using Visual Studio 2015 Enterprise with update 3 and recently noticed a very annoying bug in IIS express.

    I have Asp.NET web forms application with forms authentication.

    It is in production for quite some time already.

    The problem is that if I'm in a non authenticated page, the session cookie is not created while debugging in IIS express.

    If I authenticate myself in debug mode in IIS express, the session cookie is correctly created.

    In my production web site, hosted on IIS 7.5 the session cookie is correctly created in both authenticated and non authenticated modes.

    All other cookies are created normally.

    Real bug or am I missing something?


    Wednesday, November 02, 2016 8:10 AM

Answers

All replies

  • I'm using Visual Studio 2015 Enterprise with update 3 and recently noticed a very annoying bug in IIS express.

    I have Asp.NET web forms application with forms authentication.

    It is in production for quite some time already.

    The problem is that if I'm in a non authenticated page, the session cookie is not created while debugging in IIS express.

    If I authenticate myself in debug mode in IIS express, the session cookie is correctly created.

    In my production web site, hosted on IIS 7.5 the session cookie is correctly created in both authenticated and non authenticated modes.

    All other cookies are created normally.

    Real bug or am I missing something?


    Ok, found the source of the problem. It happens when I force renewal of the sessionid cookie.

    Funny is that it works in deployed application...

    I am doing like this:
                HttpCookie sessionIdCookie = new HttpCookie("ASP.NET_SessionId", "");
                sessionIdCookie.Expires = DateTime.Now.AddDays(-1);
                return sessionIdCookie;

    Seems that IIS express is not considering regenerateExpiredSessionId="true" option...

    Thursday, November 03, 2016 7:53 AM
  • Ok, local IIS neither... it is something about localhost?
    Thursday, November 03, 2016 8:14 AM
  • Well, I replaced using the code on this page: https://weblogs.asp.net/anasghanem/programmatically-changing-the-session-id

                bool redirected, isAdded;
                SessionIDManager Manager = new SessionIDManager();
                string newId = Manager.CreateSessionID(HttpContext.Current);
                Manager.SaveSessionID(HttpContext.Current, newId, out redirected, out isAdded);

    Works perfectly.

    • Proposed as answer by qing__Moderator Friday, November 04, 2016 1:31 AM
    • Marked as answer by OlivierFigeas Friday, November 04, 2016 6:59 AM
    Thursday, November 03, 2016 8:54 AM
  • Hi friend,

    Glad to know that you have resolved this issue, and thanks for sharing your solution here. Would you please mark your reply as the answer? So it would be helpful for other members who meet the same issue as yours.

    Have a nice day :)

    Sincerely,

    Oscar



    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, November 04, 2016 1:32 AM
    Moderator