locked
Session variable lost because of Thread ID change RRS feed

  • Question

  • User-159752495 posted

    Hello,

              There is a pay.aspx page in the website, through which I  am sending the encrypted request to payment gateway. I am also setting the Session variable on the pay.aspx page. In the response page in the website , I am decrypting the request and comparing the Session Variable set in the pay.aspx to the decrypted response variable. But in Response page, I am  getting the same Session variable with null value with a different thread ID. I have also set

    <sessionState mode="InProc" timeout="20"></sessionState> in web.config. What should I do so that session variable value is not lost after round trip of the payment gateway whose url is outside of the website.

    Thanks

    Anoop Mathur

    Thursday, December 19, 2019 11:59 AM

All replies

  • User753101303 posted

    Hi,

    You asked a question recently about a redirection problem during a payment? Might be the same issue ie if the "response" page (this is a the "webhook" feature for your payment provider?) is called directly by the 3rd party payment server rather than by the user browser it is expected that you won't have the same browser session id as it comes from an entirely different source.

    Make sure to understand first from where comes each http request during this payment flow.

    Thursday, December 19, 2019 12:14 PM
  • User765422875 posted

    Are you using a web farm/cluster? If so one request can go to one server and the next is routed to another through some kind of load balancing. Hard to really say without knowing your architecture. It could also be that the original request is lost when it gets sent to the payment gateway.

    Possible solution:

    Maintain a dictionary or some other data structure with the SessionID and value. Perhaps a static dictionary or distributed cache like Redis.

    Thursday, December 19, 2019 1:10 PM
  • User283571144 posted

    Hi anp123,

    As far as I know, the IIS will not changed the thread id when hosting. I guess you may enabled web farm in your IIS.  To solve this issue, you should use the sql server session provider or redis provider instead of the InProc. 

    The inproc will store the session into the memory.  

    More details about how to use the sql server session provider or redis provider, you could refer to below article:

    https://support.microsoft.com/en-sg/help/317604/how-to-configure-sql-server-to-store-asp-net-session-state 

    Best Regards,

    Brando

    Thursday, December 26, 2019 2:33 AM