IIS7 Session ID rotating with Classic ASP
Posted
by ManiacZX
on Server Fault
See other posts from Server Fault
or by ManiacZX
Published on 2010-03-17T17:54:36Z
Indexed on
2010/03/17
18:01 UTC
Read the original article
Hit count: 542
I am trying to migrate a Classic ASP app onto a Windows 2008 R2 server.
The application features run fine, but I am having issue with session.
The application keeps the logged in user information in session and I am constantly getting knocked out as if the session had expired.
While debugging I have discovered the sessions are not expiring but instead I am getting 2-3 different Session IDs in use by one browser.
I am outputting Response.Write(Session.SessionID) on various pages in the application and I can sit there and hit refresh over and over and watch the number changed between these 2-3 SessionIDs randomly.
The sessions are still valid because when I refresh and get the Session ID that I logged in under the page is displayed (because the security check was successful) and when I get one of the other Session IDs I get the "you aren't logged in, you need to log in" message.
If I close and re-open the browser, same story just the set of IDs are new.
This happens with IE8, Firefox and Chrome from multiple computers.
Things I've tried:
- AppPool set to No Managed Code and Classic
- Output Caching set .asp to never cache
- ASP Session Properties enabled and disabled asp session state and confirmed it affected page (error trying to read Session.SessionID when disabled)
Things I've tried just in case but shouldn't have anything to do with ASP Session:
- Disabled compression
- Changed ASP.Net Session State properties (InProc, StateServer, SQLServer, Cookies, URI, etc)
-
© Server Fault or respective owner