472,791 Members | 1,647 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,791 software developers and data experts.

Client browser sending wrong ASP.NETSessionid in a cookie

Hi

I have a big problem with some browser setting wrong ASP.NETSessionid in
a cookie, and the result is that asp.net 1.1 always assigns new session to
the client. I checked what is going on and I noticed that the broswers set
the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't parse
this and just assigns new session to the client. So my question is can I
somehow intercept the request and fix this session id by my self or is there
some other way to go around this problem!

tnx
Oct 17 '06 #1
2 1660
Yes, you can intercept calls with an HTTP Handler, and do whatever you want
with the raw request, including cookies. I am not sure how easy it is to
dink with the session cookie, but you can reverse engineer some of MS's
stufff to see how to pull from the encrypted cookie, as you will have a raw
stream. I would consider checking the machine keys first (regen on a site
that creates keys?), as that is a possible point of failure.

I am not sure what causes the issue. Where are you setting the cookie?
Traditional ASP app? ASP.NET 2.0? JavaScript?

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Niko" <gr********@gmail.comwrote in message
news:d0**************************@news.microsoft.c om...
Hi

I have a big problem with some browser setting wrong ASP.NETSessionid in a
cookie, and the result is that asp.net 1.1 always assigns new session to
the client. I checked what is going on and I noticed that the broswers set
the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't
parse this and just assigns new session to the client. So my question is
can I somehow intercept the request and fix this session id by my self or
is there some other way to go around this problem!

tnx


Oct 17 '06 #2
Hello Cowboy (Gregory A. Beamer),

I didnít know that, I thought that HttpHandlers are not low level enough
to do that. I could write a simple ISAPI filter and do that, but they donít
like the idea.

Well Iíll try to alter the cookie with HttpHandler

Yes, you can intercept calls with an HTTP Handler, and do whatever you
want with the raw request, including cookies. I am not sure how easy
it is to dink with the session cookie, but you can reverse engineer
some of MS's stufff to see how to pull from the encrypted cookie, as
you will have a raw stream. I would consider checking the machine keys
first (regen on a site that creates keys?), as that is a possible
point of failure.

I am not sure what causes the issue. Where are you setting the cookie?
Traditional ASP app? ASP.NET 2.0? JavaScript?

*************************************************
Think outside of the box!
*************************************************
"Niko" <gr********@gmail.comwrote in message
news:d0**************************@news.microsoft.c om...
>Hi

I have a big problem with some browser setting wrong ASP.NETSessionid
in a cookie, and the result is that asp.net 1.1 always assigns new
session to the client. I checked what is going on and I noticed that
the broswers set the sessionid inside quotation marks and I guess
that ASP.NET 1.1 can't parse this and just assigns new session to the
client. So my question is can I somehow intercept the request and fix
this session id by my self or is there some other way to go around
this problem!

tnx

Oct 17 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

22
by: Theo | last post by:
Question for the group The authentication system for the site Im working on seems to function properly and all is good. A session keeps track of everything and a cookie is used to accept or deny...
1
by: Vetrivel | last post by:
Application architecture : Develop interface between two existing systems, a. Enterprise CRM system b. Web based intranet system. Environment : Intranet Server : IIS and ASP. Script :...
88
by: Mike | last post by:
Is there a way to determine what a user's default email client is? I read a post from 3 years ago that said no. I guess I'm hoping something has come along since then.
33
by: Todd | last post by:
OK, I created a .htm page within a new Web solution: -------------------------------------------------------- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head>...
3
by: Greg Liles | last post by:
I've logged into an ASP.Net server through my browser. My browser runs an activex control. The activex control starts an activex EXE that needs to communicate to the server. The problem is when...
3
by: Ben | last post by:
Hi, I'm sending out a session cookie. That is a cookie that has no expiration date. When I surf through the site, no problems, but if I close the browser and open it back up, the cookie is still...
4
by: Goh | last post by:
Hi, I would like to know how can we implement a web page that intelligent enough to unique identify that pc have been visit before without any cookies and login user require. I have try...
0
by: dawson | last post by:
I started off by trying to use the HttpCapabilitiesBase.Cookies Property (Note: This property is new in the .NET Framework version 2.0) however it kept on returning true even when I disabled...
2
by: arijitdas | last post by:
Hi, We have an ASP.NET 2.0 web application where we want to share few user specific data between server and client side code using cookie. We are seeing a very strange behavior that it does not...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
0
linyimin
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
0
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
14
DJRhino1175
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
0
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
5
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
0
by: lllomh | last post by:
How does React native implement an English player?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.