By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,408 Members | 1,840 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,408 IT Pros & Developers. It's quick & easy.

Getting rid of session cookie ("ASP.NET_SessionId")

P: n/a
Hi all,

I have an application that when finished redirects to a non-ASP.NET app
which is choking on a huge ASP.NET session cookie. The cookie
"ASP.NET_SessionId" gets transmitted by the browser (IE6 in test case)
despite trying Microsoft's suggested method of expiring the cookie first.

I'd like to be able to kill the cookie and do a Response.Redirect() from
within a server-side button handler, but I'm to the point now where I'm
instead redirecting to a third .aspx page whose only job is to remove the
cookie and have a hyperlink out. In its Page_Load:

{
System.Web.HttpContext.Current.Session.Abandon();

HttpCookieCollection cookieColl = HttpContext.Current.Request.Cookies;
String[] names = cookieColl.AllKeys;
System.Web.HttpContext.Current.Trace.Write(String. Format("{0} cookies:",
names.Length));
for (int i = 0; i < names.Length; i++) {
HttpCookie cookie = cookieColl[names[i]];
System.Web.HttpContext.Current.Trace.Write(String. Format(" {0}",
names[i]));
cookie.Expires = DateTime.Now.AddDays(-1);
cookie.Domain = "invaliddomain";
cookie.Path = "invalidpath";
cookie.Value = "invalidvalue";
Response.Cookies.Add(cookie);
}
}

.... but on clicking the hyperlink, the cookie yet lives.

Any ideas? Is this something specific to IE6 perhaps, some security update
that special-cases ASP.NET cookies? Any help is appreciated.

Thanks,
--Dan Michaeloff
Nov 19 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Daniel Michaeloff wrote:
Hi all,

I have an application that when finished redirects to a non-ASP.NET
app which is choking on a huge ASP.NET session cookie. The cookie
"ASP.NET_SessionId" gets transmitted by the browser (IE6 in test case)
despite trying Microsoft's suggested method of expiring the cookie
first.

I'd like to be able to kill the cookie and do a Response.Redirect()
from within a server-side button handler, but I'm to the point now
where I'm instead redirecting to a third .aspx page whose only job is
to remove the cookie and have a hyperlink out. In its Page_Load:

{
System.Web.HttpContext.Current.Session.Abandon();

HttpCookieCollection cookieColl =
HttpContext.Current.Request.Cookies; String[] names =
cookieColl.AllKeys;
System.Web.HttpContext.Current.Trace.Write(String. Format("{0}
cookies:", names.Length)); for (int i = 0; i < names.Length; i++) {
HttpCookie cookie = cookieColl[names[i]];
System.Web.HttpContext.Current.Trace.Write(String. Format("
{0}", names[i]));
cookie.Expires = DateTime.Now.AddDays(-1);
cookie.Domain = "invaliddomain";
cookie.Path = "invalidpath";
cookie.Value = "invalidvalue";
Response.Cookies.Add(cookie);
}
}

... but on clicking the hyperlink, the cookie yet lives.

Any ideas? Is this something specific to IE6 perhaps, some security
update that special-cases ASP.NET cookies? Any help is appreciated.

Thanks,
--Dan Michaeloff


What probably happens is that the ASP.Net system automatically
adds that cookie, overwriting your "remove this cookie" version.

Try adding a "EnableSessionState=False" to the @ Page directive in the aspx,
maybe this will get rid of the new session cookie.

Hans Kesting
Nov 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.