Home » none » ASP.NET Session Variables Not Sticking

ASP.NET Session Variables Not Sticking

J01C0089I’ve stumbled across this problem twice in the last couple of months so I figure it is about time I blogged about it.

The situation is that you have  a page on your web site that sets a session variable and then redirects to another page that is expecting the variable to be there, only it isn’t there.

The first time this happened it was a browser specific (Internet Explorer) issue.

The second time it happened it seemed to be an email client specific issue.

The root cause in both cases is that the application was being framed.  In the first case a page on a domain was framing the two page application on another domain.  Because of this, the P3P security protection in IE was preventing cookies from sticking.  Since sessions are primarily cookie based, the sessions were not sticking.  The easy way to solve this issue is to add the P3P security headers to your pages.

The second time  this happened was a bit more puzzling.  But once we broke out Fiddler we were able to see that once again the cookies were not sticking.  Just like when we had intentionally framed the application.  In this case, the web-based email client was not adding target=”_blank” to the email so that a new window would be created.

Lesson learned.  If you are sending hyperlinks in email, add target=”_blank” to the link so that the link will still work in lame web-based email clients that don’t do this for you.

Like this Article? Subscribe to get every article sent to your email.

Related Post

  • Test Sending Email without a Server in ASP.NETTest Sending Email without a Server in ASP.NET By now, most people are familiar with the fact that ASP.NET will send mail from the codebehind by simply adding a few lines to your web.config file and adding another few lines of code in […]
  • Templated E-Mail using .NETTemplated E-Mail using .NET One thing I’m pretty consistent about is letting the computer do most of my work for me.  As a “programmer” I really don’t like to program.  I prefer to solve problems. You’ve […]
  • Type Safe Session VariablesType Safe Session Variables This may be obvious to everyone else on the Internet.  Heck, it's been obvious to me for several years.  But I can’t find anyone else writing about this and it makes so much […]
  • DotNetNuke Modules – Creating Base ModulesDotNetNuke Modules – Creating Base Modules Now that we have DotNetNuke installed into Visual Studio we can go ahead and create our first modules. Actually, creating the modules is pretty simple. But it is even easier to do it […]
  • Managing EmailManaging Email I recently started using a product called Clear Context that does a much better job of integrating Outlook's email with Outlook's calendar. The two things I like best about it are that it […]

About Dave Bush

Dave Bush is a Full Stack ASP.NET developer. His commitment to quality through test driven development, vast knowledge of C#, HTML, CSS and JavaScript as well as his ability to mentor younger programmers and his passion for Agile/Scrum as defined by the Agile Manifesto and the Scrum Alliance will certainly be an asset to your organization.

  • http://www.gmc.com Laser

    Thanks for the information, but why use Session variables in the first place? Sessions are like globals. If you are redirecting to another page, pass the information in the URL.

    • Dave

      There is a time and place for Session variables. Just like there is a time and a place for global variables. If I remember correctly, the issue here was that we didn’t want the information we were passing visible to the user in any way. With that as a requirement, passing data as part of the URL and as a cookie were both out of the question.