I should clarify my post. The session ID is being added to the URL correctly when using Html.BeginForm with the overloaded method but it is not adding the session ID using the parameterless Html.BeginForm() method.
Since cookie-less session were designed to support mobile devices which didn't support cookies, and such devices have now probably all disappeared, I'm curious why you're using cookie-less sessions.
This isn't something the framework handles automatically for you, and cookieless sessions aren't designed for this scenario. You can use hidden inputs to keep track of state, the Html.Serialize() helper from Futures, or WebForms + ViewState. What all of
these suggestions have in common is that they move the state you're trying to store out of Session and to the actual pages themselves.
This doesn't address the issue though. Html.BeginForm() is not putting the session ID in the URL with cookieless sessions while the overloads of the method are. We're also using cookieless forms authentication and I discovered that this is affecting it
as well.
Even something like "Html.BeginForm(null)" outputs this, the session ID and form cookie are being put in the URL correctly:
The site isn't very large and I've already coded the workaround into my forms, but this is something that the MVC team should look at. This is in MVC 2 RC.
Right. We have an internal tracking bug on this, but it won't be fixed for MVC 2 RTM. The scenarios for supporting cookieless sessions are rapidly dwindling, so we're less inclined to make a change to the product this late in the development cycle to support
it.
As a side note, I'm going to look at removing session completely from our app. We're only using it to track one small piece of data that I can easily implement through other means.
It would be nice to see cookieless forms authentication fixed, but I do have a usable workaround for now.
<div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste>The Session state in any web technology depend on cookie at
the client end to store and resend session id back and forth between client browser and web server.</div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste>But Asp.net also
supports cookieless sessions with the following attribute addition in the web.config within system.web node.</div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste> </div>
<div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste> </div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT:
-10000px" id=_mcePaste>With the above config setting, it carry the session id in the page url instead of cookie.</div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste> </div>
<div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste>Please take a look at the following two page's Page_Load method code before we run them in both normal and cookie less mode.</div>
<div>The Session state in any web technology depend on cookie at the client end to store and resend session id back and forth between client browser and web server.</div> <div>But Asp.net also supports cookieless sessions with the following attribute addition
in the web.config within system.web node.</div> <div> </div> <div> </div> <div>With the above config setting, it carry the session id in the page url instead of cookie.</div> <div> </div> <div>Please take a look at the following two page's Page_Load method
code before we run them in both normal and cookie less mode.</div>
DVDTracker
0 Points
5 Posts
Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 22, 2010 09:37 PM|LINK
I have an MVC site that I've been developing and one of the requirements is cookieless sessions. When I use this code to start my forms...
<% using (Html.BeginForm()) { %>
I get the following output...
<form action="/MyAccount/Home/Login" method="post">
if I use one of the overloads to specifiy the controller, action, route values, etc...
<% using (Html.BeginForm("Login", "Home", new { ReturnUrl = Model.ReturnUrl }, FormMethod.Post)) { %>
I get the following output...
I found this issue after I deployed it to our IIS 6 server. It works fine in the Visual Studio development web server. Any ideas?
ignatandrei
All-Star
134511 Points
21576 Posts
Moderator
MVP
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 22, 2010 10:02 PM|LINK
Sorry,but if you want Session - the ASP.NET must "store" somewhere the current user.It can not put on cookie -so it puts into the URL...
Where do you want to put the information about Session ?
DVDTracker
0 Points
5 Posts
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 22, 2010 11:03 PM|LINK
I should clarify my post. The session ID is being added to the URL correctly when using Html.BeginForm with the overloaded method but it is not adding the session ID using the parameterless Html.BeginForm() method.
bradwils
Contributor
5779 Points
691 Posts
Microsoft
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 26, 2010 05:07 PM|LINK
Since cookie-less session were designed to support mobile devices which didn't support cookies, and such devices have now probably all disappeared, I'm curious why you're using cookie-less sessions.
DVDTracker
0 Points
5 Posts
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 26, 2010 05:36 PM|LINK
Multiple sessions in tabbed browsers.
levib
Star
7702 Points
1099 Posts
Microsoft
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 26, 2010 07:53 PM|LINK
This isn't something the framework handles automatically for you, and cookieless sessions aren't designed for this scenario. You can use hidden inputs to keep track of state, the Html.Serialize() helper from Futures, or WebForms + ViewState. What all of these suggestions have in common is that they move the state you're trying to store out of Session and to the actual pages themselves.
DVDTracker
0 Points
5 Posts
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 26, 2010 09:05 PM|LINK
This doesn't address the issue though. Html.BeginForm() is not putting the session ID in the URL with cookieless sessions while the overloads of the method are. We're also using cookieless forms authentication and I discovered that this is affecting it as well.
Even something like "Html.BeginForm(null)" outputs this, the session ID and form cookie are being put in the URL correctly:
While this "Html.BeginForm()" outputs this, missing both the session ID and the form cookie:
<form action="/MyAccount/Account/BillHistory/2001MTZ" method="post">
The site isn't very large and I've already coded the workaround into my forms, but this is something that the MVC team should look at. This is in MVC 2 RC.
levib
Star
7702 Points
1099 Posts
Microsoft
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 26, 2010 09:23 PM|LINK
Right. We have an internal tracking bug on this, but it won't be fixed for MVC 2 RTM. The scenarios for supporting cookieless sessions are rapidly dwindling, so we're less inclined to make a change to the product this late in the development cycle to support it.
DVDTracker
0 Points
5 Posts
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Jan 26, 2010 10:03 PM|LINK
As a side note, I'm going to look at removing session completely from our app. We're only using it to track one small piece of data that I can easily implement through other means.
It would be nice to see cookieless forms authentication fixed, but I do have a usable workaround for now.
elizas
Member
106 Points
130 Posts
Re: Is Using (Html.BeginForm()) broken with cookieless sessions and IIS 6?
Mar 18, 2010 09:02 AM|LINK
<div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste>The Session state in any web technology depend on cookie at the client end to store and resend session id back and forth between client browser and web server.</div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste>But Asp.net also supports cookieless sessions with the following attribute addition in the web.config within system.web node.</div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste> </div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste> </div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste>With the above config setting, it carry the session id in the page url instead of cookie.</div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste> </div> <div style="POSITION: absolute; OVERFLOW-X: hidden; OVERFLOW-Y: hidden; WIDTH: 1px; HEIGHT: 1px; TOP: 0px; LEFT: -10000px" id=_mcePaste>Please take a look at the following two page's Page_Load method code before we run them in both normal and cookie less mode.</div> <div>The Session state in any web technology depend on cookie at the client end to store and resend session id back and forth between client browser and web server.</div> <div>But Asp.net also supports cookieless sessions with the following attribute addition in the web.config within system.web node.</div> <div> </div> <div> </div> <div>With the above config setting, it carry the session id in the page url instead of cookie.</div> <div> </div> <div>Please take a look at the following two page's Page_Load method code before we run them in both normal and cookie less mode.</div>
asp.net aspnetdb