470,647 Members | 1,187 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,647 developers. It's quick & easy.

Client browser sending wrong ASP.NETSessionid in a cookie

Hi

I have a big problem with some browser setting wrong ASP.NETSessionid in
a cookie, and the result is that asp.net 1.1 always assigns new session to
the client. I checked what is going on and I noticed that the broswers set
the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't parse
this and just assigns new session to the client. So my question is can I
somehow intercept the request and fix this session id by my self or is there
some other way to go around this problem!

tnx
Oct 17 '06 #1
2 1596
Yes, you can intercept calls with an HTTP Handler, and do whatever you want
with the raw request, including cookies. I am not sure how easy it is to
dink with the session cookie, but you can reverse engineer some of MS's
stufff to see how to pull from the encrypted cookie, as you will have a raw
stream. I would consider checking the machine keys first (regen on a site
that creates keys?), as that is a possible point of failure.

I am not sure what causes the issue. Where are you setting the cookie?
Traditional ASP app? ASP.NET 2.0? JavaScript?

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Niko" <gr********@gmail.comwrote in message
news:d0**************************@news.microsoft.c om...
Hi

I have a big problem with some browser setting wrong ASP.NETSessionid in a
cookie, and the result is that asp.net 1.1 always assigns new session to
the client. I checked what is going on and I noticed that the broswers set
the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't
parse this and just assigns new session to the client. So my question is
can I somehow intercept the request and fix this session id by my self or
is there some other way to go around this problem!

tnx


Oct 17 '06 #2
Hello Cowboy (Gregory A. Beamer),

I didnít know that, I thought that HttpHandlers are not low level enough
to do that. I could write a simple ISAPI filter and do that, but they donít
like the idea.

Well Iíll try to alter the cookie with HttpHandler

Yes, you can intercept calls with an HTTP Handler, and do whatever you
want with the raw request, including cookies. I am not sure how easy
it is to dink with the session cookie, but you can reverse engineer
some of MS's stufff to see how to pull from the encrypted cookie, as
you will have a raw stream. I would consider checking the machine keys
first (regen on a site that creates keys?), as that is a possible
point of failure.

I am not sure what causes the issue. Where are you setting the cookie?
Traditional ASP app? ASP.NET 2.0? JavaScript?

*************************************************
Think outside of the box!
*************************************************
"Niko" <gr********@gmail.comwrote in message
news:d0**************************@news.microsoft.c om...
>Hi

I have a big problem with some browser setting wrong ASP.NETSessionid
in a cookie, and the result is that asp.net 1.1 always assigns new
session to the client. I checked what is going on and I noticed that
the broswers set the sessionid inside quotation marks and I guess
that ASP.NET 1.1 can't parse this and just assigns new session to the
client. So my question is can I somehow intercept the request and fix
this session id by my self or is there some other way to go around
this problem!

tnx

Oct 17 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

22 posts views Thread by Theo | last post: by
88 posts views Thread by Mike | last post: by
33 posts views Thread by Todd | last post: by
3 posts views Thread by Ben | last post: by
reply views Thread by dawson | last post: by
2 posts views Thread by arijitdas | last post: by
1 post views Thread by Korara | last post: by
reply views Thread by warner | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.