none
IE11 Session Id in URL

    Question

  • I have some problems to browse the website with IE11 under Windows 8.1

    I have a web site setup with the sessionState in Cookies (ASP.NET 4.0 under IIS 7)

    <sessionState cookieless="UseCookies"></sessionState>

    In IE11 in default mode I'm able to login to the website but as soon as I click any link I'm redirected back to the login page.

    If I switch the User agent string to Internet Explorer 10, everything work perfectly.

    I have also notice the addition of  /(F(.......))/... in the URL. Which looks like the Session ID is passed in the URL.

    I have also experienced the same behavior with IE11 under Windows 7. But I had to reset all my cookies.

    Unfortunately, I was unable to reproduce the exact configuration that causes the problem.

    Does anyone have an idea of what could cause the problem or similar behavior

    Thanks

    Jason Matos

    Thursday, August 01, 2013 8:07 PM

Answers

  • Hi Jason,

    I've not fully investigated this but I suspect the problem is down to the browser definitions in the .Net framework on the server.  Microsoft have changed the user agent string for IE and as a result it's not longer detected as IE. 

    In the meantime, you can change the default behaviour by editing your web.config. Rather than setting cookie handling in the sessionState you should do it in the <authentication> section.

    <authentication mode="Forms">
      <forms loginUrl="~/YourLoginUrl" timeout="2880" cookieless="UseCookies" />
    </authentication>

    Give that a try - it worked for me.

    Mark.

    • Marked as answer by JasongMatos Tuesday, August 06, 2013 12:19 PM
    Tuesday, August 06, 2013 9:14 AM

All replies

  • Hi,

    are you using onbeforeunload?

    see Compatibility Changes in IE11.http://msdn.microsoft.com/en-us/library/ie/bg182625(v=vs.85).aspx

    when asking questions in this forum about html, css and scripting it is helpful if you can provide a link to your website for us to test.


    Rob^_^

    Thursday, August 01, 2013 8:48 PM
  • No oberforeUnload is not used.

    Unfortunately, it is a private corpo site and like a mentioned I was not yet able to reproduce the problem in a test environment...

    Thursday, August 01, 2013 8:53 PM
  • Hi,

    IE11 is 'Preview'.... post any reproducible incidents to http://connect.Microsoft.com/ie

    use the f12 developer tools>Networking tab to determine the request query parameters sent to the server....

    Right click on the links and select Properties from the context menu to determine the navigation uri (which should include the sessionid parameter).

    Regards.


    Rob^_^

    Friday, August 02, 2013 12:28 AM
  • Hi Jason,

    I've not fully investigated this but I suspect the problem is down to the browser definitions in the .Net framework on the server.  Microsoft have changed the user agent string for IE and as a result it's not longer detected as IE. 

    In the meantime, you can change the default behaviour by editing your web.config. Rather than setting cookie handling in the sessionState you should do it in the <authentication> section.

    <authentication mode="Forms">
      <forms loginUrl="~/YourLoginUrl" timeout="2880" cookieless="UseCookies" />
    </authentication>

    Give that a try - it worked for me.

    Mark.

    • Marked as answer by JasongMatos Tuesday, August 06, 2013 12:19 PM
    Tuesday, August 06, 2013 9:14 AM
  • Hi Mark

    Indeed it solves the problem perfectly. It seems the that the sessionState cookieless is not enough when using the Authentication. Maybe since the default is AutoDetect.

    Thanks you saved me hours of debugging.

    Jason Matos

    Tuesday, August 06, 2013 12:23 PM
  • thanks, it worked for me too :)
    • Edited by jesparzaf Friday, November 08, 2013 6:17 PM
    Friday, November 08, 2013 6:17 PM
  • Hi i have tried this in my asp.net mvc application
    <forms loginUrl="~/YourLoginUrl" timeout="2880" cookieless="UseCookies" />
    But it works fine for my first login.During my second login the auth cookies are not passed in the request header


    Wednesday, January 15, 2014 5:16 AM
  • I have tried the above in  my asp.net mvc application.But it works fine for my first login.During my second time login the auth cookies are not sent in the request header
    Wednesday, January 15, 2014 5:20 AM