I am facing a problem of loss of session variables once the ASP.Net 2.0 application is deployed. Let me add that this is actually a 1.1 to 2.0 migration.
I found that the first time the page is posted, I found that session variables are getting lost. When I hit Back on IE, and re-enter, the session variables exist and things move smoothly. This problem was not occurring when I tested on my machine, but only after deployment to the server.
I have found that this is because of SSL; on removal of SSL, the session values are retained. But as the application has to be hosted as a secure website, this solution is not acceptable.
So, I tried out a few things, but haven't found any success yet:
1. I commented the existing code of
Response.Cookies ["ASP.NET_SessionID"].Secure = true;
in the global.asax.cs file
2. I tried out the suggestion on http://support.microsoft.com/kb/917412 :
Expand|Select|Wrap|Line Numbers
- void Session_Start(object sender, EventArgs e)
- {
- if (Response.Cookies.Count > 0)
- {
- foreach (string s in Response.Cookies.AllKeys)
- {
- if (s == System.Web.Security.FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
- {
- Response.Cookies[s].HttpOnly = false;
- }
- }
- }
- }
Is there anything that I am missing? I have spent a lot of time on this...any suggestions?