locked
Bad request from session state (can't understand why) RRS feed

  • Question

  • User2025643219 posted

    Hello to all community.

    I've got a very strange error and i'm really not able to detect why.

    I have a little asp net 4 website running on IIS6, and works perfectly.
    I configured cookieless to autodetect and all looks like ok.

    I'm in trouble about 2 my internal users.
    Looks like they have no cookies allowed, and so asp net uses Session ID in query string, making pages like 

    http://site/(fijdndisfiduxiuhdas983213)/default.aspx

    Mmm, in the reality the session ID is very longer, like

    http://site/(fijdndisfiduxiuhdas983213asiofjdsoiasiojfsdpfijsipofjadoijgdaiogjpoaijgfpiojgdsipghdfsiupghdfsiughfiughdfsuighfdiughfdiughsfiuoghfd834789274893)/default.aspx

    And mabye also longer. I will past one, when i will got.

    I already checked browser, they are ok.
    Anyway i said, no problem, if it works.

    The main problem is on these 2 PC (where session id is embedded into query string), suddenly appears a 404 - Bad request page.
    I tried to replicate problem on my develop machine but NEVER happens and never appears session ID in query string.

    I tried all cookieless combination, i enlarged maxrequestquerystring limit, and allowed all chars

     <httpRuntime executionTimeout="120" maxRequestLength="10000" maxQueryStringLength="10000" requestPathInvalidCharacters=""/>

    I've also disabled validation request in <page> section of web config

    I also formatted PC with this issue: nothing. SessionID continues to appear on query string.
    I do not know what to do!!

    The site uses SqlMembership and SqlRole Manager if it can help.
    Please help me, i really do not know how to get out this situation.

    Thursday, January 20, 2011 5:35 AM

Answers

All replies

  • User712082397 posted

    suddenly appears a 404 - Bad request page.
     

    Try to check IIS logs and see what page is throwing this error? Is it just one page or there are other pages too?

    Thursday, January 20, 2011 9:43 AM
  • User2025643219 posted

    Thank you for the reply.
    I enabled IIS log following this procedure. http://support.microsoft.com/kb/313437
    Is that right? What should i look for when error appears?


    Anyway i found that logs were already enabled, so i read this and tried to get out informations

    blogs.iis.net/carlosag/archive/2010/03/25/analyze-your-iis-log-files-favorite-log-parser-queries.aspx

    But not able to get what i need.
    Mabye no query here listed can get out error details??



    Here, here, i got it, i got it!
    I found it in http.sys. This is what i was trying to say:


    2011-01-20 15:51:42 62.94.103.27 59118 192.168.0.250 2503 HTTP/1.1 GET /AzbuyLocal/(X(1)S(kfzq2dk42ls3x0zq3vrnmh3c)F(8E4444A148C075FA0B91B397DC9B1C9F3CC1A34A1C1D74B68559983620C120C32C1B71EC6EE0EB7D7997ED64DF6D740B5A28FBA850899350C91505673DAE1EDE323CC478CC03DD8F5189E18E8B9D9F37E7F92BA613CDDE3A74EA3DF73497E50A52A7D178752C50BBCD9AC455D53E95B535C304DE61ACCAC2570DA6717467FC5AF47BDD25B4A0455B290354AA70465E7B))/CliMode.aspx?ragsoci=LEVA+SRL 400 - URL -


    I paste here also few lines before and after:


    2011-01-20 15:41:30 188.2.100.207 59971 192.168.0.250 443 - - - - - Timer_ConnectionIdle -

    2011-01-20 15:42:28 192.168.0.61 1737 192.168.0.250 80 HTTP/1.1 OPTIONS / 400 - Hostname -

    2011-01-20 15:42:55 188.2.100.207 59973 192.168.0.250 443 - - - - - Timer_ConnectionIdle -

    2011-01-20 15:46:05 188.2.100.207 49788 192.168.0.250 443 - - - - - Timer_ConnectionIdle -

    2011-01-20 15:48:35 192.168.0.164 2574 192.168.0.250 2503 - - - - - Timer_ConnectionIdle -

    2011-01-20 15:51:42 62.94.103.27 59118 192.168.0.250 2503 HTTP/1.1 GET /AzbuyLocal/(X(1)S(kfzq2dk42ls3x0zq3vrnmh3c)F(8E4444A148C075FA0B91B397DC9B1C9F3CC1A34A1C1D74B68559983620C120C32C1B71EC6EE0EB7D7997ED64DF6D740B5A28FBA850899350C91505673DAE1EDE323CC478CC03DD8F5189E18E8B9D9F37E7F92BA613CDDE3A74EA3DF73497E50A52A7D178752C50BBCD9AC455D53E95B535C304DE61ACCAC2570DA6717467FC5AF47BDD25B4A0455B290354AA70465E7B))/CliMode.aspx?ragsoci=LEVA+SRL 400 - URL -

    2011-01-20 15:51:55 188.2.100.207 33815 192.168.0.250 443 - - - - - Timer_ConnectionIdle -

    2011-01-20 16:05:25 195.18.29.107 1178 192.168.0.250 443 - - - - - Timer_ConnectionIdle -

    2011-01-20 16:05:44 192.168.0.61 2660 192.168.0.250 80 HTTP/1.1 OPTIONS / 400 - Hostname -

    2011-01-20 16:11:35 62.94.103.27 54611 192.168.0.250 2503 - - - - - Timer_ConnectionIdle -

    2011-01-20 16:16:00 192.168.0.65 3598 192.168.0.250 80 HTTP/1.1 OPTIONS / 400 - Hostname -

    2011-01-20 16:17:40 62.94.103.27 41899 192.168.0.250 2503 - - - - - Timer_ConnectionIdle -

    Thursday, January 20, 2011 1:59 PM
  • User2025643219 posted

    nobody can help me?

    Friday, January 21, 2011 3:10 PM
  • User2025643219 posted

    Should i post question in other microsoft forums?
    I've tried everything!!!

    Tuesday, January 25, 2011 5:47 AM
  • User1957418580 posted

    This is usually a proxy issue - see if you can follow this article and let us know if it helps:

     

    909622 Error message when a client tries to open a Web site for the first time: "HTTP 400 - Bad Request"
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;909622
     

    Wednesday, January 26, 2011 6:41 AM
  • User2025643219 posted

    I will try, even if it never happens on first time.

    Wednesday, January 26, 2011 8:56 AM
  • User1957418580 posted

    Did this help? 

    Sunday, January 30, 2011 10:51 AM
  • User2025643219 posted

    Mmm, in the facts i do not know, becouse beyond your suggestion i applied in same time also this one:

    http://forums.iis.net/p/1175021/1969270.aspx#1969270

    And it works, but don't know which one solved issue.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, January 30, 2011 11:00 AM
  • User1611542451 posted

    We had a similar issue where we needed to run a site cookieless to sit inside our clients I-Framed website.  When users with longish email addresses attempted to login there hit the dreaded BAD REQUEST error.

    The issue is because the cookie being passed in the URL resides in one URL segment - that is the characters between two forward slashes.  And that default length is 260 characters.  Our url cookie segments were hitting 370 characters.

    Setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxLength DWORD  (512) greater than the default to say 512 (max 32768) will overcome any Bad Request errors.

    See http://support.microsoft.com/kb/820129 for more info, but don't be fooled by the date - this still applies now.

    What is interesting is this still applies to June 2011 tech - namely IIS 7.5, Windows Server 2008 and ASP.NET 4.0.  Searching for this fix implies a 3 year old issue which is 30 IT years.

    Tuesday, June 28, 2011 7:59 PM
  • User11528697 posted

    IIS7+ allows you to control URL length and query length from IIS manager. You should be able to use those two values instea of manipulating registry directly.

    Tuesday, June 28, 2011 9:57 PM