ASP.NET Session Variables Not Sticking
February 25th, 2010 | 
Author: 
I’ve stumbled across this problem twice in the last couple of months so I figure it is about time I blogged about it.
The situation is that you have a page on your web site that sets a session variable and then redirects to another page that is expecting the variable to be there, only it isn’t there.
The first time this happened it was a browser specific (Internet Explorer) issue.
The second time it happened it seemed to be an email client specific issue.
The root cause in both cases is that the application was being framed. In the first case a page on a domain was framing the two page application on another domain. Because of this, the P3P security protection in IE was preventing cookies from sticking. Since sessions are primarily cookie based, the sessions were not sticking. The easy way to solve this issue is to add the P3P security headers to your pages.
The second time this happened was a bit more puzzling. But once we broke out Fiddler we were able to see that once again the cookies were not sticking. Just like when we had intentionally framed the application. In this case, the web-based email client was not adding target=”_blank” to the email so that a new window would be created.
Lesson learned. If you are sending hyperlinks in email, add target=”_blank” to the link so that the link will still work in lame web-based email clients that don’t do this for you.
Other Related Items:
The Good, the Bad, and the Undead (The Hollows, Book 2)It's a tough life for witch Rachel Morgan, sexy, independent bounty hunter, prowling the darkest shadows of downtown Cincinnati for criminal creatu... Read More >
The Gigglebellies Musical AdventuresMeet the lovable GiggleBellies!
Watch them giggle and wiggle right into your little one's hearts.
Engaging award winning animation that combines color... Read More >
Related Post
Posted in 
Tags: 
