My asp.net application works fine when launched from its own browser, but when its launched from another web application (sharepoint webpart) using window.open it works until the user clicks and posts back, then the session is lost.
I think its related to cookies, because when I set the session state to be cookieless everything works fine.
Why does the sesssionid get lost in the NEW application when launching the app using window.open? I would like each application to have its own session cookie, I've tried setting the name of the cookie but the same thing happens, on the first post back the sessionid is lost??
Please help?
Sharepoint manages it's own session. Sessions are tied to applications (URI). You would need to share some sort of login token between applications.
check out:
http://forums.asp.net/t/1335229.aspx
http://forums.asp.net/p/1356006/2781938.aspx
What browser are you using?
IE6 has this exact issue, possibly newer versions as well.
Refer to Microsoft Support
drop window.open(). use links with tarket="blank". if you need to call them from JS just do
link.click() on it.
Related
I have a problem with my asp.net web application, its cookies gettting cleared from the browser automatically on some specific systems only. Any help or suggestion will be appreciated.
My team have a big problem with a developed website. We have a page where We need to open three or four tabs, We used window.open and everything worked fine in testing area. But, in production with a load balancer (sticky session configured) when window.open is executed, It creates a new session, We saw in the logs that the request is redirected to other server when window.open is executed.
I've seen other links in stackoverflow like IE8 losing session cookies in popup windows
But the problem is that It happens also in Firefox, any clue about this kind of problem?
BTW, Our app is a ASP .Net MVC 4.5 website.
Second part of your question is pointing to a problem on the client side.
But if I read your problem it looks like a problem on the server side.
I think that your session pool over the load balancer has a problem.
Maybe try a simple page that shows your sessionId on a page and run that in your server farm for testing. make shure that the problem is not in your app but at server level.
edit after questionar reply:
Is your cookie set domain wide?
what happens if you open more tabs manually?
Is it a browser domain cookie handler problem (then the manual tabs will not work)
Or is it a javascript handler problem. (then the manual tabs will work)
I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out out the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.
Thanks in advance for any help. Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
Not sure if this is what you're looking for:
FormsAuthentication.SetAuthCookie("the username goes here",false);
Reference
I'm a CF developer ususally, but we had to do some integration with a .NET application recently and the way we approached it was to keep the CF and .NET sessions separate but ensure that login happened on both so when the user moved from one to the other they were still logged in.
So is there perhaps a way for you to hit your ASP.NET application with a request to login a user when you login using the CF application? Perhaps you could have an iframe on the page that you can load when the CF login is complete that holds a login service for the .NET app?
This way you would not need to worry about one app server reading the other app server's cookies, instead there would be two sets of cookies, one for ASP and one for CF.
Hope that helps!
The way I would approach it, is I would have a specific page that acts as a liaison between the CF and .NET layer. That page would implement your business layer and just check to see if the Cookie is there, if so read it in, do the lookup and login the user or whatever business logic that needs to be done. How would you accomplish the login/authentication, well that’s all based on your login/authentication code.
The only link I can offer is the basic of cookies in ASP.net
http://msdn.microsoft.com/en-us/library/aa289495(v=vs.71).aspx
Edit: found another link that might be helpful.
http://www.aspnettutorials.com/tutorials/network/cookies-csharp.aspx
An ASP.NET application (actually with Silverlight but it doesn't matter) is hosted in Outlook as folder home page. In this application there's a link to open popup window, which opens a separate IE window, not in Outlook.
The problem is that in this case it seems that ASP.NET session is lost. A call to ASP.NET service has nothing in Session and Session._id is different. I suspect that Outlook has different cookies than IE.
How do I preserve session when opening IE popup from Outlook? Maybe pass session id via URL somehow, or configure this in web.config?
Note that I don't want cookieless sessions.
I ran into this problem in the past and was never able to find a way around it since the browser in outlook is running under a totally different process and it's not even a typical IE environment. I had issues with pass through authentication as well if I recall.
When the same behavior is done in IE directly, it actually opens another window using the same session.
To recreate the process in IE that is occurring in Outlook just open an IE windown and go to your app. Then open a new IE window by clicking the shortcut (not spawning it from the current IE session) and copying and pasting a link into the address bar. This is essentially what Outlook is doing.
I would try passing the value of the user's ASP.NET_SessionId cookie in the url from Outlook, then on the page that's opened in IE check for that value on the url and duplicate the ASP.NET_SessionId cookie in the response before loading the page (perhaps in an IHttpModule before the session has even been loaded for the request).
I'm not 100% sure this would work in case ASP.NET has some built-in session hijacking security in place that would prevent you from manually duplicating the session cookie somehow, but that's where I would start.
I dislike it when I lose the session state of my ASP.NET web app when changing code.
Losing the session state means I have to log in over and over again. It's annoying.
Is there anyway I can reconfigure my app so that I can make changes to code and not have to re-authenticate to view those changes?
(I know that changing .ASPX files does this fine. My concern is over App_Code and Bin compiled code.)
Unfortunately changes in the web.config or in dll's in the bin folder will cause an application reload and there is nothing you can do about it, AFAIK.
I wonder what will happen if you will store session state in StateServer. Maybe it will work ( I will be surprised if it does).
If you are in a developer environment you can try disabling logging into the site, or when the site checks for authentication just return your default authentication. For production, a StateServer will help as Igal pointed out.
One last option, store the login information in Session, but as a backup to that use a login table in your database to be able to restore a user's authentication status from a cookie. Obviously, consider security implications.
By changing your StateServer to use your machine (enabling the ASP.NET State Service), you won't lose your login.