Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Client browser sending wrong ASP.NETSessionid in a cookie

Reply
Thread Tools

Client browser sending wrong ASP.NETSessionid in a cookie

 
 
Niko
Guest
Posts: n/a
 
      10-17-2006
Hi

I have a big problem with some browser setting wrong ASP.NETSessionid in
a cookie, and the result is that asp.net 1.1 always assigns new session to
the client. I checked what is going on and I noticed that the broswers set
the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't parse
this and just assigns new session to the client. So my question is can I
somehow intercept the request and fix this session id by my self or is there
some other way to go around this problem!

tnx


 
Reply With Quote
 
 
 
 
Cowboy \(Gregory A. Beamer\)
Guest
Posts: n/a
 
      10-17-2006
Yes, you can intercept calls with an HTTP Handler, and do whatever you want
with the raw request, including cookies. I am not sure how easy it is to
dink with the session cookie, but you can reverse engineer some of MS's
stufff to see how to pull from the encrypted cookie, as you will have a raw
stream. I would consider checking the machine keys first (regen on a site
that creates keys?), as that is a possible point of failure.

I am not sure what causes the issue. Where are you setting the cookie?
Traditional ASP app? ASP.NET 2.0? JavaScript?

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************
"Niko" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hi
>
> I have a big problem with some browser setting wrong ASP.NETSessionid in a
> cookie, and the result is that asp.net 1.1 always assigns new session to
> the client. I checked what is going on and I noticed that the broswers set
> the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't
> parse this and just assigns new session to the client. So my question is
> can I somehow intercept the request and fix this session id by my self or
> is there some other way to go around this problem!
>
> tnx
>
>



 
Reply With Quote
 
 
 
 
Niko
Guest
Posts: n/a
 
      10-17-2006
Hello Cowboy (Gregory A. Beamer),

I didnít know that, I thought that HttpHandlers are not low level enough
to do that. I could write a simple ISAPI filter and do that, but they donít
like the idea.

Well Iíll try to alter the cookie with HttpHandler


> Yes, you can intercept calls with an HTTP Handler, and do whatever you
> want with the raw request, including cookies. I am not sure how easy
> it is to dink with the session cookie, but you can reverse engineer
> some of MS's stufff to see how to pull from the encrypted cookie, as
> you will have a raw stream. I would consider checking the machine keys
> first (regen on a site that creates keys?), as that is a possible
> point of failure.
>
> I am not sure what causes the issue. Where are you setting the cookie?
> Traditional ASP app? ASP.NET 2.0? JavaScript?
>
> *************************************************
> Think outside of the box!
> *************************************************
> "Niko" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
>> Hi
>>
>> I have a big problem with some browser setting wrong ASP.NETSessionid
>> in a cookie, and the result is that asp.net 1.1 always assigns new
>> session to the client. I checked what is going on and I noticed that
>> the broswers set the sessionid inside quotation marks and I guess
>> that ASP.NET 1.1 can't parse this and just assigns new session to the
>> client. So my question is can I somehow intercept the request and fix
>> this session id by my self or is there some other way to go around
>> this problem!
>>
>> tnx
>>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
question about sending cookie to client computer Eric ASP .Net 1 12-27-2008 02:25 PM
Sample code to pass session and cookie from browser to rich client. Mitch Java 1 08-11-2006 07:21 PM
HTTP, client cookie and client form handling Yannick Turgeon Ruby 2 08-24-2005 12:22 AM
Session cookie? Browser instance cookie? Ben ASP .Net 3 06-03-2004 03:41 AM
Sending a TXT file to a browser client ko ASP .Net 2 08-29-2003 02:15 PM



Advertisments