By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,837 Members | 1,842 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,837 IT Pros & Developers. It's quick & easy.

Won't save session object

P: n/a
I have an asp.net app that uses session objects (ag. session("UserID")).
The app works fine in development/debug mode. I released it to the test
server (Windows 2000 server with other .NET applications running on it) and
when I am sitting at that server running the application, it also runs fine.
But, if I sit at any workstation on the LAN it does not work. I narrowed
the problem down to the fact that all of the session objects contain nothing
when they should contain data. Is there something that needs to be done in
the application or on the server that can fix this? How can I get the
session objects to hold the data when the application goes live?

Scott
Nov 18 '05 #1
Share this Question
Share on Google+
14 Replies


P: n/a
Are cookies enabled on the machines that don't work properly? Session
cookies must be allowed for session state to work.

"Schoo" <sc***********@nospam.ma-hc.com> wrote in message
news:OL**************@TK2MSFTNGP09.phx.gbl...
I have an asp.net app that uses session objects (ag. session("UserID")).
The app works fine in development/debug mode. I released it to the test
server (Windows 2000 server with other .NET applications running on it) and when I am sitting at that server running the application, it also runs fine. But, if I sit at any workstation on the LAN it does not work. I narrowed
the problem down to the fact that all of the session objects contain nothing when they should contain data. Is there something that needs to be done in the application or on the server that can fix this? How can I get the
session objects to hold the data when the application goes live?

Scott

Nov 18 '05 #2

P: n/a

Or you can change the web.config file and alter the 'sessionState' section to enable 'cookieless' session handling. This mangles the URL of each request to include the unique session id, which is ugly... but it works.
----- Marina wrote: -----

Are cookies enabled on the machines that don't work properly? Session
cookies must be allowed for session state to work.

"Schoo" <sc***********@nospam.ma-hc.com> wrote in message
news:OL**************@TK2MSFTNGP09.phx.gbl...
I have an asp.net app that uses session objects (ag. session("UserID")).
The app works fine in development/debug mode. I released it to the test
server (Windows 2000 server with other .NET applications running on it) and when I am sitting at that server running the application, it also runs fine. But, if I sit at any workstation on the LAN it does not work. I narrowed
the problem down to the fact that all of the session objects contain nothing when they should contain data. Is there something that needs to be done in the application or on the server that can fix this? How can I get the
session objects to hold the data when the application goes live?
Scott

Nov 18 '05 #3

P: n/a
Hi Scott,
Thanks for posting in the community!
From your description, you found your web application's sessionstate not
work when it is visited by some certain workstation client side on your
side,yes?
If there is anything I misunderstood, please feel free to let me know.

As for the problem you mentioned, I think Marina's suggesion is quite
informative, as he mentioned that this problem is likely due to those
client machine's cookie setting.

In fact, the ASP.NET's session is by default associated with all the client
machine via cookie variable named "ASP.NET_SessionId" which identitfy the
unique session id of the certain user. If the client machien has disabled
the cookie in its browser, that'll cause the client unable to associate its
sessionstate on the serverside, then we'll found the session not work. So
would you please try checking the client's browser to see whether the
cookie has been disabled?
You can check in the Browser's setting. In IE, you can find the setting in
the tools-->interntet options-->privacy setting panel and see whether
you've block the certain site's cookie

Also, another means to detect the cookie is to write some code in a certain
ASP.NET page to write a certain cookie variable and then retrieve back it ,
for example:
if(!IsPostBack)
{
Response.Cookies.Add(new HttpCookie(...));
}
else
{
//get the certain cookie via Request.Cookies[...].Value;
}

If unable to retrieve the cookie from clientside again, there must be
something incorrect with the client's cookie setting.

In addtion, here are some tech artielcs on ASP.NET session and cookie
implementation:

#Underpinnings of the Session State Implementation in ASP.NET
http://msdn.microsoft.com/library/en...ionstate.asp?f
rame=true

#basics of cookies in asp.net
http://msdn.microsoft.com/library/de...us/dv_vstechar
t/html/vbtchaspnetcookies101.asp

#Enabling Cookieless Session State in ASP.NET
http://msdn.microsoft.com/msdntv/epi...20030318ASPNET
RH/manifest.xml

http://www.eggheadcafe.com/PrintSear...asp?LINKID=401

Hope they're helpful.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #4

P: n/a
I am going to read the links you provided on session state and cookies and
develop a test application which may take me a few days to finish (I have
other projects pending), but I wanted to add these comments and get the
group's input:

Marina and Cheng both commented that the workstations need to have cookies
enabled. The symptoms of the issue don't support that as a problem and here
is why: When I am sitting at the test server and run the program with the
URL: http://localhost/program.aspx it runs the session objects fine, but if
I use http://<testservername>/program.aspx it will not store state. Also, I
can run the program on the development workstation in debug mode, but I
can't run it on the same server accross the network from the test server.

I will do the research which will take me some time, but I don't see why
this is such a big problem. In classic ASP I used to just create my session
objects and go. Did Microsoft really complicate this so much that I will
need to take hours to learn the new architecture? Isn't there just
something in web.config or IIS that I can change to make these work right?
Here is the session state object in my web.config file:

<sessionState
mode="InProc"
stateConnectionSTring="tcpip=127.0.0.1:42424"
sqlConnectionSTring="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

I just want to pass a variable through a session state. My question is:
what is the simplest way to get that done so I can let my beta-group test
this?

Scott
"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:GH*************@cpmsftngxa07.phx.gbl...
Hi Scott,
Thanks for posting in the community!
From your description, you found your web application's sessionstate not
work when it is visited by some certain workstation client side on your
side,yes?
If there is anything I misunderstood, please feel free to let me know.

As for the problem you mentioned, I think Marina's suggesion is quite
informative, as he mentioned that this problem is likely due to those
client machine's cookie setting.

In fact, the ASP.NET's session is by default associated with all the client machine via cookie variable named "ASP.NET_SessionId" which identitfy the
unique session id of the certain user. If the client machien has disabled
the cookie in its browser, that'll cause the client unable to associate its sessionstate on the serverside, then we'll found the session not work. So
would you please try checking the client's browser to see whether the
cookie has been disabled?
You can check in the Browser's setting. In IE, you can find the setting in
the tools-->interntet options-->privacy setting panel and see whether
you've block the certain site's cookie

Also, another means to detect the cookie is to write some code in a certain ASP.NET page to write a certain cookie variable and then retrieve back it , for example:
if(!IsPostBack)
{
Response.Cookies.Add(new HttpCookie(...));
}
else
{
//get the certain cookie via Request.Cookies[...].Value;
}

If unable to retrieve the cookie from clientside again, there must be
something incorrect with the client's cookie setting.

In addtion, here are some tech artielcs on ASP.NET session and cookie
implementation:

#Underpinnings of the Session State Implementation in ASP.NET
http://msdn.microsoft.com/library/en...ionstate.asp?f rame=true

#basics of cookies in asp.net
http://msdn.microsoft.com/library/de...us/dv_vstechar t/html/vbtchaspnetcookies101.asp

#Enabling Cookieless Session State in ASP.NET
http://msdn.microsoft.com/msdntv/epi...20030318ASPNET RH/manifest.xml

http://www.eggheadcafe.com/PrintSear...asp?LINKID=401

Hope they're helpful.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #5

P: n/a
Hi Scott,
Thanks for your response. I also don't think this is a big problem. Do you
think it convenitent that you just make a very simple web application, just
one asp.net web page and test the session state when using the
"http://<testservername>/..." sytle url ? Also, you can turn on the page's
or application's Trace mode, set Trace = true in the page , that'll be
helpful for you to troubleshoot the problem. Additionally, I also doubt
that whether it is due to the server's configuration, would you try test
the web app on some other servers and apply the same test on it to see
whether the problem remains? Anyway, if you have got any progress or new
findings, please feel free to post here.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #6

P: n/a
I developed a test app. It has the same effect. Very simple. Here is the
code:

WEBFORM1.ASPX
<page contains a text box and a button>
Private Sub Button1_Click(ByVal sender....)
Session("text") = TextBox1.Text
Response.Redirect("WebForm2.aspx")
End Sub

WEBFORM2.ASPX
<page contains a text box>
Private Sub Page_Load(....)
TextBox1.text = Session("text")
End Sub

NOTE: I let VS create a new ASP.NET Web Application, added the 2nd webform
and only added the code shown above. I set up a virtual directory through
IIS on the test server called "cookietest".
RESULT WHILE SITTING AT SERVER (IE5.0): Works fine with URL:
//<testservername>/cookietest
RESULT FROM WINXP WORKSTATION ON LAN (IE6): Session object value is not
shown in box on Webform2.aspx
RESULT FROM WIN98 WORKSTATION ON LAN (IE5.5): Session object value is not
shown in box on Webform2.aspx

The server is running .NET Framework 1.1. There has to be a setting here or
something, I can't be the only one that has ever had this happen. Is there
another method I need to use to invisibly hold variables for the session? I
hate to go to SQL Server to do this (especially for a test). What am I
missing here?

Scott
"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:Ha**************@cpmsftngxa07.phx.gbl...
Hi Scott,
Thanks for your response. I also don't think this is a big problem. Do you
think it convenitent that you just make a very simple web application, just one asp.net web page and test the session state when using the
"http://<testservername>/..." sytle url ? Also, you can turn on the page's or application's Trace mode, set Trace = true in the page , that'll be
helpful for you to troubleshoot the problem. Additionally, I also doubt
that whether it is due to the server's configuration, would you try test
the web app on some other servers and apply the same test on it to see
whether the problem remains? Anyway, if you have got any progress or new
findings, please feel free to post here.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx


Nov 18 '05 #7

P: n/a
Hi Scott,
Have you tried the cookie? Using the below code:
Response.Cookies.Add(new HttpCookie("testcookie","testvalue"));
to set a cookie and get it via
HttpCookie tc = Request.Cookies.Get("testcookie");

Becaues by default the session on the server is associated with clientside
with a certain cookie variable named
"ASPNET_SessionId" , so if the cookie doesn't work correctly, of course the
Session won't be able to work correctdly.
And you can use the ASP.NET page's Trace to simply check the cookie or
session collection, just trun on the page's trace in the @page directive as
below:
<%@ Page language="c#" ... Trace="true" .... %>

Please try it out and let me know the result so as for us to do some
further research on this. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #8

P: n/a
I am still having problems:

I went to
http://msdn.microsoft.com/library/de...us/dv_vstechar
t/html/vbtchaspnetcookies101.asp and used it to create the following
example:

WEBFORM1.ASPX
<page contains a text box and a button>
Private Sub Button1_Click(ByVal sender....)
Response.Cookies("username").Value = Tetbox1.Text
Response.Cookies("username").Expires = Now.AddDays(1)
Response.Redirect("WebForm2.aspx")
End Sub

WEBFORM2.ASPX
<page contains a text box>
Private Sub Page_Load(....)
If Not Request.Cookies("username") Is Nothing Then
TextBox1.text = Server.HtmlEncode(Request.Cookies("username").Valu e)
End If
End Sub

RESULT: Exact same results as before from all 3 machines. Here are the
results again:
RESULT IN DEBUG MODE ON DEVELOPMENT MACHINE: Successful! (also confirmed
that a cookie file was created on the workstation)
RESULT WHILE SITTING AT SERVER (IE6): Works fine with URL:
//localhost/cookietest (also confirmed that a cookie file was created on the
workstation), does not work with URL: //<testservername>/cookietest
RESULT FROM WINXP WORKSTATION ON LAN (IE6): Cookie value is not
shown in box on Webform2.aspx and no cookie file created.
RESULT FROM WIN98 WORKSTATION ON LAN (IE5.5): Cookie value is not
shown in box on Webform2.aspx and no cookie file created.

The fact that this works in debug mode on the development machine and when
selecting "localhost" on the server itself, ought to be a major clue here
don't you think? Most interesting is that it will run on the server using
"localhost" but won't run on the server using the server name. Also
consider that we get the same outcome whether we do this with a session
object or with a cookie. What do you think the problem is that would cause
that to happen?

Scott
"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:9$**************@cpmsftngxa07.phx.gbl...
Hi Scott,
Have you tried the cookie? Using the below code:
Response.Cookies.Add(new HttpCookie("testcookie","testvalue"));
to set a cookie and get it via
HttpCookie tc = Request.Cookies.Get("testcookie");

Becaues by default the session on the server is associated with clientside
with a certain cookie variable named
"ASPNET_SessionId" , so if the cookie doesn't work correctly, of course the Session won't be able to work correctdly.
And you can use the ASP.NET page's Trace to simply check the cookie or
session collection, just trun on the page's trace in the @page directive as below:
<%@ Page language="c#" ... Trace="true" .... %>

Please try it out and let me know the result so as for us to do some
further research on this. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #9

P: n/a
Hi Scott,

Thanks for your response and the further test result infos. Now we've got
that the problem is caused by the cookie unable to store at client side.
I'm not sure whether it is caused by some security issue, the certain site
name(via the //machine name/..) has been blocked at the client at default
privacy level. Would you please try out the following steps:
At the client machine which the session not work, open the IE's
tools-->internet options.. menu and choose the "Privacy" panel and then you
can see the cookie privacy level slide bar, by default the value is
"Medium" , please check it. If so, try turn it down to "low" or "accept all
cookies" and then close and restart IE and visist the site to see whether
the problem remains. If the cookie or session works, I think maybe there is
something incorrect with the privacy setting on the serverside. I'll
continue to troubleshoot on the server machine's cookie privacy setting.
Please try out the suggestions and let me know if you got any progress.
Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #10

P: n/a
Steven

Your comment "... the certain site name (via the //machine name/..) has been blocked at the client..." gave me an idea. Up to now I have been using the server name. After reading your comments I thought: "let's try the IP address of the server". When I use the actual IP addresss, it works fine! I couldn't believe it but it works. So, now the question is: why does session objects work when I use the IP address of the server but not when I use the server name

Hey... at least I can demo the site now, so I am very excited about that! :

Scot

----- Steven Cheng[MSFT] wrote: ----

Hi Scott

Thanks for your response and the further test result infos. Now we've got
that the problem is caused by the cookie unable to store at client side.
I'm not sure whether it is caused by some security issue, the certain site
name(via the //machine name/..) has been blocked at the client at default
privacy level. Would you please try out the following steps
At the client machine which the session not work, open the IE's
tools-->internet options.. menu and choose the "Privacy" panel and then you
can see the cookie privacy level slide bar, by default the value is
"Medium" , please check it. If so, try turn it down to "low" or "accept all
cookies" and then close and restart IE and visist the site to see whether
the problem remains. If the cookie or session works, I think maybe there is
something incorrect with the privacy setting on the serverside. I'll
continue to troubleshoot on the server machine's cookie privacy setting.
Please try out the suggestions and let me know if you got any progress.
Thanks
Regards

Steven Chen
Microsoft Online Suppor

Get Secure! www.microsoft.com/securit
(This posting is provided "AS IS", with no warranties, and confers no
rights.

Get Preview at ASP.NET whidbe
http://msdn.microsoft.com/asp.net/whidbey/default.asp
Nov 18 '05 #11

P: n/a
Hi Scott,
Thanks for your response. As you've mentioned the url via IP address works
well and the cookie and session can be correctly retireved and strored. So
the problem seems that the "http://machinename..." url is somehow blocked
at the client. Have you tried the suggestion on "adjusting the clientside
browser's cookie privacy" ? I think you can try turn down the privacy
level, to see whether the cookie can work well on the "http://machinename..
" url. Just as I've mentioned in last reply:
---------------------------------------------------------
At the client machine which the session not work, open the IE's
tools-->internet options.. menu and choose the "Privacy" panel and then you
can see the cookie privacy level slide bar, by default the value is
"Medium" , please check it. If so, try turn it down to "low" or "accept all
cookies" and then close and restart IE and visist the site to see whether
the problem remains.
----------------------------------------------------------

Also, here are some certain tech reference on the cookie privacy IE and web
app:
#Cookies Are Unexpectedly Blocked or Saved on Your Computer
http://support.microsoft.com/?id=298621

#How to Set and Customize Cookies Settings in Internet Explorer
http://support.microsoft.com/?id=196955

#The Default Privacy Settings for Internet Explorer 6
http://support.microsoft.com/?id=293222

#How to Manage Cookies in Internet Explorer 6
http://support.microsoft.com/?id=283185

I believe they'll be also helpful to you.
Please check out the preceding items and let me know if you feel anything
unclear.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #12

P: n/a
Hi Scott,
Have you got any further progress on this issue? If you need further
assistance, please feel free to post here.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #13

P: n/a
Steven,

Thank you for your idea, however I have set the Privacy setting to "Accept
All Cookies" and even rebooted the machine and confirmed the setting after
reboot and still it will not wok.

This is a very odd problem. Any other thoughts?

Scott

"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:Zp**************@cpmsftngxa06.phx.gbl...
Hi Scott,
Thanks for your response. As you've mentioned the url via IP address works
well and the cookie and session can be correctly retireved and strored. So
the problem seems that the "http://machinename..." url is somehow blocked
at the client. Have you tried the suggestion on "adjusting the clientside
browser's cookie privacy" ? I think you can try turn down the privacy
level, to see whether the cookie can work well on the "http://machinename.. " url. Just as I've mentioned in last reply:
---------------------------------------------------------
At the client machine which the session not work, open the IE's
tools-->internet options.. menu and choose the "Privacy" panel and then you can see the cookie privacy level slide bar, by default the value is
"Medium" , please check it. If so, try turn it down to "low" or "accept all cookies" and then close and restart IE and visist the site to see whether
the problem remains.
----------------------------------------------------------

Also, here are some certain tech reference on the cookie privacy IE and web app:
#Cookies Are Unexpectedly Blocked or Saved on Your Computer
http://support.microsoft.com/?id=298621

#How to Set and Customize Cookies Settings in Internet Explorer
http://support.microsoft.com/?id=196955

#The Default Privacy Settings for Internet Explorer 6
http://support.microsoft.com/?id=293222

#How to Manage Cookies in Internet Explorer 6
http://support.microsoft.com/?id=283185

I believe they'll be also helpful to you.
Please check out the preceding items and let me know if you feel anything
unclear.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #14

P: n/a
Hi Scott,

Thanks for your followup. I found that there're some further items at the
clientside you can try:
1. Override the default IE's cookie privacy setting and set it to allow
"always allow session cookie".

2. Check the "Per site privacy " to see whether the thecertain server 's
machine name is blocked or try add it to allow list

3. Check the "seurity" setting in IE and try adding the certain server's
machinename url into the trusted site.

I've attached the screenshots for the above items. Please refer to them if
you feel anything unclear. Also, if you have any other questions or new
findings, please feel free to let me know.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #15

This discussion thread is closed

Replies have been disabled for this discussion.