search

Murielle666 / eid-applet

Automatically exported from code.google.com/p/eid-applet
Other
0 stars 0 forks source link

ASP.NET Session state issues #20

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hello,

I've implemented the aspx source code found in the svn.
When using the AppletService, the data is being read but I am facing a 
Sessionstate problem. After the redirect to the TargetPage, the Session is 
empty (and has another session id).
It seems to work when I setup my web.config sessionState like this: 

<sessionState mode="InProc" cookieless="UseUri" />

But this generates 'ugly' url's...

A similar problem exists in the authentication applet service, this time it 
occurs even in between requests to the same handler...
The error occurs specifically at the lines:

byte[] challenge = (byte[]) httpContext.Session["Challenge"];
memoryStream.Write(challenge, 0, challenge.Length);

of the file "AuthnAppletService.cs".

Has anyone successfully implemented this?

best regards,

Kevin Van Haecke

Original issue reported on code.google.com by kevin.va...@gmail.com on 1 Dec 2009 at 9:00

GoogleCodeExporter commented 9 years ago 
You need to disable the HttpOnly flag on the IIS session cookie.

Original comment by frank.co...@gmail.com on 15 Dec 2009 at 2:49

GoogleCodeExporter commented 9 years ago 
I tried to immplement the above, but <httpCookies httpOnlyCookies="false"/> 
doesn't 
work. every call to the httphandler generates a new session id.

Original comment by tinomari...@gmail.com on 17 Feb 2010 at 11:55

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
I solved the problem!
add this to the global.asax..

Sub Application_EndRequest(ByVal sender As Object, ByVal e As EventArgs)
        If Response.Cookies.Count > 0 Then
            For Each s As String In Response.Cookies.AllKeys
                If s.Equals("ASP.NET_SessionId") Then
                    Response.Cookies("ASP.NET_SessionId").HttpOnly = False
                End If
            Next
        End If
    End Sub

Original comment by tijscorn...@gmail.com on 4 Jun 2010 at 7:01

GoogleCodeExporter commented 9 years ago 
Works like a sharm, tnx

Original comment by tinomari...@gmail.com on 8 Jun 2010 at 10:56

GoogleCodeExporter commented 9 years ago

Original comment by frank.co...@gmail.com on 23 Jun 2010 at 2:18