Is there a way of turning on and off the session cookie in ASP.NET without using the <#PAGE construct? A way to overrule the construct?
I want sometimes to have session enabled on the page, sometimes disabled. I don't want to have to keep recompiling the website to enable or disable the session. In php you could turn on session by open_session() , I wonder if there's an asp.net equivalent. I'm looking for a way to enable the session in code.
If someone visits the Login page, the session is then enabled for the whole otherwise, it is not enabled and the site is sessionless, cookieless.
You must set the Off mode in the sessionState of the web.config file, in this way it disable the session of the application but if you want to disable the asp.net cookie but still track of the session you could use the cookielessoption.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<sessionState mode="Off"/>
<!-- or -->
<sessionState cookieless="true"/>
</system.web>
</configuration>
Guess you can do it in web.config: https://msdn.microsoft.com/en-us/library/h6bb9cz9(v=vs.71).aspx
Related
To avoid adding cookie consent acceptance, I would like to disable cookies for certain pages in my asp.net site. I know I can add this to the config:
<configuration>
<system.web>
<sessionState cookieless="true" />
</system.web>
</configuration>
But is it possible to specify that only certain pages (in matter fact only one page) to be cookieless?
I have a fairly large Umbraco instance containing a mix of marketing pages and web applications.
About 10% of the Content node pages are web application pages. I want to disable SessionState for the remaining 90% of pages which don't need it, in order to improve performance and avoid contention. We are using SQL Server sessions.
Is there any way to do this? As far as I've been able to find out, the only way to disable SessionState on a per-page basis is to include EnableSessionState="False" in the .aspx #Page declaration. But as Umbraco generates virtual .aspx pages, I can't see any way in which to do this.
There doesn't appear to be any way in code to effect it either.
Since you seem to be using nested webforms master pages in Umbraco (rather than MVC) you are left with one option since the Masterpages don't have the public property 'enablesessionstate'
As far as I know you are left with one option which is to handle the sessionstates in the web.config
There are two scenarios, implicit and explicit
Explicit exclusion
<!-- globally enbabled sessionstate -->
<system.web>
<sessionState mode="On" />
</system.web>
<!-- disable on specific paths -->
<location path="path/whatever">
<system.web>
<sessionState mode="Off" />
</system.web>
</location>
<location path="otherplace">
<system.web>
<sessionState mode="Off" />
</system.web>
</location>
Implicit
<!-- globally disabled sessionstate -->
<system.web>
<sessionState mode="Off" />
</system.web>
<!-- enable on specific paths -->
<location path="path/whatever">
<system.web>
<sessionState mode="On" />
</system.web>
</location>
<location path="otherplace">
<system.web>
<sessionState mode="On" />
</system.web>
</location>
If you're using web forms, you could potentially hook into the page loading event and check the page template to then set the session state on or off?
Which version of Umbraco are you using?
I have made a web application which uses user authentication and if user is authenticated user then i store it in Session like below.
Session("uid") = txtUid.text
But after 2-3 minutes Session is automatically cleared.
increase your session time in Web.config
<system.web>
<sessionState timeout="260" />
</system.web>
2 - 3 minutes?
it means that you are not sure how long it takes for the session to close.
from here i can assume that you are using internet explorer?
internet explorer has a known issue with asp.net, if you have an underscore in your virtual path like
www.mySite.com/some_test_site.aspx
so i bet you have a scenario like this.
in any case, you can add the following line to your web.config to keep vars for 60 minutes:
<sessionState mode="InProc" timeout="60"/>
it goes under:
<configuration>
<system.web>
You can set the session state of your web application in web.config. Add this code in the Configuration section of your web.config.
<configuration>
<system.web>
...
<sessionState timeout="20" />
...
</system.web>
</configuration>
I am running a discussion website. The problem that is coming is that after sometime session automatically expires. I am hosting my website on a shared server and doesn't have access to the settings of extending expiry time in IIS. So is there any way I can do that using web.config?
And also I enabled basic authentication on the server and using default authentication in my website, means I didn't gave any authentication mode in configuration file. So are they same?
Yes, this is possible:
<configuration>
<system.web>
<sessionState timeout="x" />
<system.web>
</configuration>
Where x is the desired session timeout in minutes.
You can manage session timeout using web.config
Sessionstate timeout property is mentioned in minutes.
In webconfig file...
<system.web>
<sessionState timeout="1440"></sessionState>
</system.web>
Anytime I update a file in project and I am on website i loose authentication. Session is changing or I don't know what it happens.
What changes should I do?
Thi is part of webconfig
<system.web>
<sessionState cookieless="UseCookies" mode="InProc" sqlCommandTimeout="1200" sqlConnectionString="Data Source=WINDOWS2008\SQLEXPRESS;User ID=dotnet;Password=1234" timeout="20" />
<globalization culture="en-US" />
<httpRuntime minFreeThreads="18" minLocalRequestFreeThreads="18" executionTimeout="1000000" maxRequestLength="1024000" requestLengthDiskThreshold="1024000" />
<!-- <sessionState timeout="60" mode="InProc" />-->
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
You should use authentication by means of cookies. That way your current logged-in user will not be influenced by session drops.
Note: Actually, handling authentication correctly has lots of other benefits. Counting on the session itself has many problems, and above all it does not scale.
Read more about doing authentication right in ASP.NET here:
Introduction to Membership
ASP.NET Authentication
The application pool will restart and session state will be lost. Imagine each ASP.NET application (as defined in IIS) is a program on the desktop. Saving web.config will do something similar to closing the program and reopening it.
You can use Outproc session state management (ex:Sql Server)
http://ravisystem.wordpress.com/2007/10/21/inproc-session-state-out-proc-session-state-in-aspnet/