An ASP.NET application (actually with Silverlight but it doesn't matter) is hosted in Outlook as folder home page. In this application there's a link to open popup window, which opens a separate IE window, not in Outlook.
The problem is that in this case it seems that ASP.NET session is lost. A call to ASP.NET service has nothing in Session and Session._id is different. I suspect that Outlook has different cookies than IE.
How do I preserve session when opening IE popup from Outlook? Maybe pass session id via URL somehow, or configure this in web.config?
Note that I don't want cookieless sessions.
I ran into this problem in the past and was never able to find a way around it since the browser in outlook is running under a totally different process and it's not even a typical IE environment. I had issues with pass through authentication as well if I recall.
When the same behavior is done in IE directly, it actually opens another window using the same session.
To recreate the process in IE that is occurring in Outlook just open an IE windown and go to your app. Then open a new IE window by clicking the shortcut (not spawning it from the current IE session) and copying and pasting a link into the address bar. This is essentially what Outlook is doing.
I would try passing the value of the user's ASP.NET_SessionId cookie in the url from Outlook, then on the page that's opened in IE check for that value on the url and duplicate the ASP.NET_SessionId cookie in the response before loading the page (perhaps in an IHttpModule before the session has even been loaded for the request).
I'm not 100% sure this would work in case ASP.NET has some built-in session hijacking security in place that would prevent you from manually duplicating the session cookie somehow, but that's where I would start.
Related
My team have a big problem with a developed website. We have a page where We need to open three or four tabs, We used window.open and everything worked fine in testing area. But, in production with a load balancer (sticky session configured) when window.open is executed, It creates a new session, We saw in the logs that the request is redirected to other server when window.open is executed.
I've seen other links in stackoverflow like IE8 losing session cookies in popup windows
But the problem is that It happens also in Firefox, any clue about this kind of problem?
BTW, Our app is a ASP .Net MVC 4.5 website.
Second part of your question is pointing to a problem on the client side.
But if I read your problem it looks like a problem on the server side.
I think that your session pool over the load balancer has a problem.
Maybe try a simple page that shows your sessionId on a page and run that in your server farm for testing. make shure that the problem is not in your app but at server level.
edit after questionar reply:
Is your cookie set domain wide?
what happens if you open more tabs manually?
Is it a browser domain cookie handler problem (then the manual tabs will not work)
Or is it a javascript handler problem. (then the manual tabs will work)
I have an ASP.NET app which uses forms authentication with an option to persist cookie in the login screen. I am testing in local computer which means no web farms are used.
In Chrome and Firefox when I log in and persist cookie, then close the browser and then bring up the same page, I am already logged in. So far so good.
In IE however, when I load the same page after closing IE, I get the login screen instead of automatically being logged in. I checked the authentication cookie and noticed that the cookie is gone when I am in the login screen the second time. I see the cookie after logging in and I see it expires a month in the future. My guess the cookie gets deleted when IE closes. I don't know why this happens.
I have repeated this test several times. I see the authentication cookie after logging in but it's gone in the login screen.
"Empty temporary Internet Files Folder when browser is closed" is NOT checked in Tools->Advanced
I am using IE9 in IE8 standards mode in Windows 7 64bit.
Any ideas?
I didn't mention the fact the site uses https. In the test server where this issue occurred, I use a self-signed ssl certificate. When I installed my root authority cert, the problem seems to have gone. This issue happened in IE only.
There is a great blog from Erik Law about this. Check it for more details. Scroll down to section Troubleshooting Login Cookies. If you have specific question about anything, edit your question and let us know.
We are currently having an issue with cache settings on a shared workstation at one of our client sites. Basically, they had set their IE browser on their machine to "never" for when to check for new versions of a site. This causes some of our pages to show another user's data after one user logs out and logs back in. What are my options to prevent this type of behavior, aside from telling the users to not use that setting (which we can never really guarantee). The site is an asp.net 3.5 site.
I know one option is to set the page to never cache, but that will also cause users to lose the back button functionality on a lot of the site. So any other options would be helpful.
If you set caching to be on (from the server) you won't loose back button functionality, its just that clicking the back button will make a new request to the server rather than just displaying the page from cache. This is more secure, because it means if someones signs-out, another user can't click back to see what they had on their screen previously.
My asp.net application works fine when launched from its own browser, but when its launched from another web application (sharepoint webpart) using window.open it works until the user clicks and posts back, then the session is lost.
I think its related to cookies, because when I set the session state to be cookieless everything works fine.
Why does the sesssionid get lost in the NEW application when launching the app using window.open? I would like each application to have its own session cookie, I've tried setting the name of the cookie but the same thing happens, on the first post back the sessionid is lost??
Please help?
Sharepoint manages it's own session. Sessions are tied to applications (URI). You would need to share some sort of login token between applications.
check out:
http://forums.asp.net/t/1335229.aspx
http://forums.asp.net/p/1356006/2781938.aspx
What browser are you using?
IE6 has this exact issue, possibly newer versions as well.
Refer to Microsoft Support
drop window.open(). use links with tarket="blank". if you need to call them from JS just do
link.click() on it.
SUMMARY: When browsing an ASP.NET website using Windows Explorer, popup windows do not "borrow" the session cookie from the parent window.
DETAILS:
I'm working on an ASP.NET website (.NET 2.0). I use FormsAuthentication. It is a requirement to use cookies to handle the session.
On a page I have a button. When the user clicks it, a popup window is opened. The popup displays an ASPX page that uses session variables, previously set from the parent browser window. I've been testing the website using IE (6, 7, 8) and Firefox 2.0. On all these browsers, the popup window has access to the same session as the parent browser window and everything works ok.
I now have a bug raised by the client, stating that the popup window displays an error. Looking at the log file, I can see that it is a NullReferenceException at the moment the popup page tries to access the session variables. Talking with the client, he said that he opened the main website in Windows Explorer !!!
I've managed to recreate the issue on a test machine and saw that the popup is using a new session.
The machine must have Win XP an IE6 installed ! With IE7 the website works ok.
My suspicion here is that when opened from Windows Explorer (not that I fully understand what you mean by this), the session cookie that is being sent back is not stored anywhere and thus not available for the pop up window to include with its request. I don't see how you can get around this. Is it not possible to tell the client that this means of accessing the application is not supported?
I have seen the same issue with IE 8 , the issues does not occur in Firefox, Google Chrome or IE 6 . In my case I can see that the Session is actually working bu the Authentication terminates redirecting the user to the login page again for him to login...