Why do Asp.net web project have garbage values in the url? - asp.net

I have tried googling and searching for this issue on SO - but have had little success - primarily because I am not sure whether I am searching right.
I am working on an ASP.Net Web Application Project (not website) using Visual Studio 2008, C# and Cassini for testing.
However, everytime I run the site, I get a URL such as:
http://localhost:8671/(S(saifdk55xyhalrqbstrtrdiw))/SubjectClassTeacher/Default.aspx
Even if I modify the URL and try to go to:
http://localhost:8671/SubjectClassTeacher/Default.aspx
I am redirected back to this URL.
The garbage value in the center: (S(saifdk55xyhalrqbstrtrdiw)) keeps changing every few times I compile and I have no idea why it gets injected or how to disable it.
Could anyone throw any light on this issue?
Primarily, I would like to know why this happens and how do I disable this.
Because this happens when I deploy the website on IIS as well.
Any help is appreciated.
Thank you.

This is a clever feature in ASP.NET* called cookieless sessions. It works by injecting your session ID into every URL, so ASP.NET can tell the difference between user A who visits a page, and user B who visits the same page. Normally this is accomplished with cookies, but this approach removes the dependency on the end-user having them enabled.
From MSDN:
...you don't have to change anything in your ASP.NET application to enable cookieless sessions, except the following configuration setting.
<sessionState cookieless="true" />
*The concept is not exclusive to ASP.NET, but it is baked into ASP.NET and - as you've discovered - can be turned on with no particular effort on the part of the developer.

Related

Losing Session information after publishing an ASP.NET Website on IIS

I'm a beginner in ASP.NET 2.0.Probably this could sound too basic and stupid issue for someone expert in the ASP.NET.But this is giving me sleepless nights.
Basically i have developed a simple multilingual website with a master page and content pages which fills inside the content place holder portions of the master page. The application works great when it is configured to run on the ASP.NET Development Server 2.0. But once i publish it to run on the IIS web server it will no longer function. :( I could see from the trace that none of the session variables i use are stored and redirected to the relevant content pages.
Although the contents are displayed, the session variable values by which i take some decisions on the redirected pages are lost and i run into exceptions.
Please guide me where am i going wrong and exact procedure for Publishing an application.
Ex: my home page has URL which runs something like
http://localhost/Onlineupdate/Home.aspx?vers=1.1&lang=fr-FR
Based on the above URL, i strip and save the vers and the lang variables in a Session variable. However these are lost when hosted on IIS.
There are a dozen or so things that could cause the session data to be lost:
IIS restarting
The app pool restarting
due to a change to the web.config
due to a change to anything in the \bin directory
memory limit reached, or a bug causing the app pool to reset.
several other possible causes
Your host is actually a web farm, and you're using in-process memory, which will cause issues when one server fails over to the other, unless you're using SQL Server session state mode.
Since we don't have enough information to answer exactly what's happening in your specific situation, I'd ask you to start by reading up, starting here: http://msdn.microsoft.com/en-us/library/ms178581.aspx
Edit: I did find this blog article, which may be helpful: http://blogs.msdn.com/b/amenon/archive/2007/08/21/troubleshooting-session-loss.aspx
The following is not necessarily part of the answer, but added to try to be helpful.
If it's feasible, from my own personal experience, we've had success in eliminating our lost session issues by using the SqlServer Session State mode. Since we implemented this, our session issues have all but disappeared.
also i found the main problem that you should initialize session before use
like:
session[“id”]=””;
and after that it well work fine
In order to prevent this to happen first in the web.config set restartOnExternalChanges to false.
Now in web.config changes must be propagated manually(this means that the dev is now responsible to build a mechanism for config change propagation).
Hint: You can use file watcher for this that will listen for the web.config (or any config you use in you web. app) for changes and wrap it as a watchable configuration so you can reload the configs when they are changed.
Hope this helps
I faced the same issue in my ASP.NET MVC website .
and i have resolve it by next steps :
open IIS Manager
go to the application pools
right click on the application pool which related to your website
click on "Advanced Settings"
set "Idle Time-out (minutes)" to be "20"
set "Maximum Worker Processes" to be "1"
Click Ok to close the window
these steps has resolved my issue.

Simple redirect in IIS7 to another page?

We are taking our website offline for approx an hour today and I want to redirect all traffic to an offline default page I created within the folder "offline" and the file is default.aspx. I tried using IIS7 HTTPRedirect by checking "Redirect requests to this destination;" and entering in the URL "http://webtest.ipam.ucla.edu/offline" but I am receiving a "Internet Explorer cannot display webpage" error.
please help.
I'm assuming as you're on IIS7 that your app is in ASP.NET - if not, please ignore this:
There's a nifty little feature that if you place an app_offline.htm file in the root directory of your ASP.NET application, it will have the net effect of taking your application offline.
What is the detail you see in your "Internet Explorer cannot display webpage" error? Is it really that generic or do you get some detail?
Addendum
An alternative is to add something like this into the web.config of your asp.net app (which will allow dynamic pages:
<system.webServer>
<httpRedirect enabled="true" destination="http://myurl.com/offline.aspx" />
</system.webServer>
The issue with using this approach is while you're uploading new assemblies, there is a chance your application will crash when someone hits it (giving them confusing errors) while you're making changes. Consequently, the offline.aspx page may not show properly - your mileage may vary, but this is why it's generally considered a better practice to use app_offline.htm.

Weird ASP.NET MVC links with (A(anythingworkshere))

Google's webmaster tools has started showing some very strange internal links for my site. It appears "normal", but I'm not sure what to make of it. If you use parentheses and put in a single letter, then put literally anything in parentheses after that, the link works. I did a search for any other MVC sites so I could see if they had the same behavior. Microsoft's site came up at the top of the list with an odd link as well. The search terms were "asp.net mvc site" and the first link I got was for:
http://www.asp.net/(S(d35rmemuuono1wvm1gsp2n45))/mvc
I don't like this at all. You can change the S to an A or any other letter, and then put any text you want in the next section. Anyone know how to stop it? For the life of me I can't see anything wrong with my routes. I used MVC so I wouldn't have strange url's floating around in search engines so this is pretty disappointing.
Nearest I can guess from the Google "internal links" list is that it may be a cookie. But I can't find any circumstance when I view the source on my site where I see anything but the proper relative links.
That looks like the Session ID format used when cookieless sessions are turned on (<sessionState cookieless="true" /> in Web.config). This appears to be general ASP.NET behavior, not just MVC, as I was able to reproduce this behavior with a standard 3.5 Website project in VS 2010.
It seems that ASP.NET will process values in that form as if it were a Session ID, even if you do not have cookieless sessions turned on.
It's hard to diagnose the situation without seeing your actual site configuration and logs, but if I had to guess, I'd say that the Google webmaster tools are not returning the session cookie to your site in the request, so the site is falling back to cookieless method in an attempt to maintain the session.
This is for cookieless sessions.
Since google is scanning with a bot, its using the cookieless session.
More info:
Asp.net cookieless sessionId url location

ASP.Net when post back get The specified URL cannot be found

When clicking the save button on a asp.net web form page, I get the following immediately:
The specified URL cannot be found
This does not happen when I try this using a browser on the web server.
Has anyone run across this problem before? Is this some kind of security issue?
More information. I tried a test page that included all of the form fields and a button that didn't do anything but write to a log4net log. Same problem on the button click. This is just weird.
Found the solution to this!!! Turns out the firewall was blocking request that had more then 40 parameters in the query string.
Could you provide a bit more information?
This could be caused by a lot of things:
Is IIS configured properly for the site? Authentication, host header settings?
Did you try http://localhost/.. on the webserver or did you use the webserver's host name?
Are you redirecting the user? What are you doing in the button event?
Are you using URL routing? Or a handler that might be causing problems?
What version of the .NET framework are you running? 1.1 / 2.0 / higher?
Does the page include javascript that could cause unexpected results?
Checked for crazy stuff in your web.config?
Sometimes it's a good idea to take a step back and create a new ASPX page and test if that one works. Start from a predictable scenario and move towards your current scenario in baby steps.

Re-publishing an ASP.NET Web Application While Site is Live

I am trying to get a grasp on how to handle updates to a live, functioning ASP.NET (2.0 or greater) Application while there are users on the site.
For example, suppose SO is an ASP.NET Web Application project. The project code compiles down to the single .DLL in the BIN folder. Now, there are constantly users on SO, so what would happen to users' actions/sessions if you would use the Visual Studio .NET "Publish" feature (or just FTP everything again manually) while they are using the site?
Would creating an ASP.NET Web Site, instead, alleviate any problems that may or may not exist with the scenario above? I am beginning to develop a web site as a user-driven Web Application, and I want to make sure that my inexperience with this would not potentially annoy the [potentially] many users that I [want to] have 24/7.
EDIT: Sorry, I should have put this in a more exact context. Assume that this site is being hosted by a web hosting service with monthly fees. I won't be managing the server itself, just what the web host allows as a user of their services.
I create two Web sites in IIS. One is the production Web site, and the other is a static Web site with an HttpHandler that sends all requests to a single static "We're updating" HTML page served with an HTTP 503 Service Unavailable. Typically the update Web site is turned off. When it's time to update, we stop the production Web site, start the update Web site, and now we can fiddle with the production Web site all we want without worrying about DLLs being locked or worker processes needing to be spun down.
I started doing this because
App_Offline.htm really does not work well in Web Gardens, which we use.
App_Offline.htm serves its page as 404, which is bad if you're down for a meaningful period of time.
We can start the upgraded production Web site with modified settings (only listening on localhost), where we can do a last-minute acceptance/verification that everything is working before we flip the switch, turning off the update Web site and re-enabling the production Web site.
Things this does not solve include
Any maintenance that requires a restart of the server--you still have downtime where no page is served.
Any maintenance that diddles with the .NET runtime, like upgrading to the latest service pack.
Other approaches I've seen include
Having two servers. Send all load balancing requests to one server, upgrade the other one; then rinse and repeat. Most of us don't have this luxury.
Creating multiple bin directories, like bin-1.0.0.0 and bin-1.1.0.0 and telling ASP.NET which bin directory to use in the web.config file. (One advantage of this is that reverting to a previous binary is just editing a config file. A disadvantage is that it's harder to revert resources that don't end up in your binaries, like templates and images and such.) I don't remember how this actually worked--I think the application did some late assembly loading in its Global.asax based on its own web.config section (since you touched the web.config, the app had restarted, so it was okay).
If you find a better way, let me know!
Changing to the asp.net web site model won't have any effect, as the recycle will also happen, some of changes that trigger it for sure: web.config, global.asax, app_code.
After the recycle, user will still be logged in because asp.net will just validate the syntax. That is given you use a fixed machine key, otherwise it will change on each recycle. This is something you want to do anyway as other stuff can break if the key change across requests i.e. viewstate validation, embedded resources (decryption of the url fails).
If you can put the session out of process, like in sql server, you will avoid loosing the session. If you can't, your code will have to consider that. There are plenty of scenarios where you can avoid using session, and others were you can wrap it and re-retrieve the info if the session was cleaned. This should leave you with a handful specific cases that you know can give trouble to the users, so for those you do some of the suggestions others have already made.
One solution could be to deploy your application into a load balanced environment (web farm).
When deploying a new version you would use the load balancer to redirect requests to the server you are not deploying to.
App_offline.htm is great solution for this I think.
in SO we see application currently unavailable page when a deployment begins.
I am not sure how SO handles it.. But we usually put a holding page. So what ever the user has done (adding question or answering questions) does not get updated. As soon as he updates something he will see a holding page asking him to try after sometime.
And if I am the user I usually press the back button to make sure what I entered is saved in the browser history so that I can post later.
Some site use use are in clustered environment so I take one server offline and inform the load balancer that she will not be available and once I make sure that the new version is working fine I make it live.. I do the same thing for the next server.
Do we have any other option?
It is not a technical solution, but set up a scheduled maintenance window. You can annoucement in advance giving your user base fair warning that there is a possiblity that the application will not be available during that time frame.

Resources