Last post Feb 21, 2012 04:06 PM by roopeshreddy
Feb 17, 2012 04:57 PM|castlehills|LINK
I have a pdf and few plain html files in a folder under an asp.net application. The files have some links to different application areas. When a user directly access these files (assume they are clicking from an email) which are not server side files, will
a new session be created? I think a new session will be created though it is an html file and later an aspx page can check for the session cookie. My intention is to find the referrer is a pdf file in an aspx page and also check whether the session cookie
available on the users computer. Any comments?
Feb 17, 2012 05:14 PM|Muhammad Fakhr Elden Sami|LINK
ASP.Net creates a session in the first Http request to the web site, whatever, it is Html page or even a picture.
You can check that by putting a breakpoint in the Session_OnStart method in the global.asax file and see what will happend
For undestanding more the .asax file, please see that http://msdn.microsoft.com/en-us/library/szzd570s(v=vs.71).aspx
Feb 17, 2012 07:44 PM|castlehills|LINK
Thanks for the clarification. Though the session is created, I wont be able to depend on the session id. In asp.net 2.0, there is a change where a new session id is created when the session is accessed. So, I don't think I can reply on the session id between
the time when the pdf file is accessed to a page where the session object is accessed for the first time.
Feb 18, 2012 04:11 AM|Muhammad Fakhr Elden Sami|LINK
I think this is not right a new session id is created when the session is accessed,
as the session object is created once in the first request, then you can access it as you want, untill it is timed out after the user idle time
Feb 20, 2012 07:47 AM|Dave Sussman|LINK
Actually, a session might not be created. For files that ASP.NET doesn't process, such as HTML files, IIS serves these directly and may not instantiate the ASP.NET pipeline at all, therefore you might not get any session. You can easily test this by using
the Session_Start event in global.aspx; just write something to a log file when the session starts, then access the html/pdf file.
If you want to ensure that a session is started, then you need to map those files to the ASP.NET process. See
http://stackoverflow.com/questions/5178033/how-to-deny-access-to-a-file-with-asp-net-web-config-but-not-just-locally - the long answer at the end shows how to do the mapping in IIS.
Feb 21, 2012 02:57 PM|roopeshreddy|LINK
I think it depends on the IIS Server!
If you use IIS 6/7 - Classic Mode, then it won't create Session! In this case, only registered handler(.aspx, .ascx etc.,) requests will pass through the ASP.NET pipeline!
If you use IIS7/7.5 - Integrated Mode, then it may create session! In this case, all requests will pass through the ASP.NET pipeline! ie., including all Static files!
Hope it helps u...
Feb 21, 2012 04:00 PM|castlehills|LINK
I'm using 7.5.
The session id behavior where a new session id is created after the first access to a session variable is a asp.net 2.0 change. I'm wondering is there a setting to keep the session id the same throughout the session.
Feb 21, 2012 04:06 PM|roopeshreddy|LINK
Store some data in Session, so that it will be Unique for the entire session in ASP.NET 2.0!
If you didn't store any data and if you simply call Session.SessionID, then it will create unique ID for every call to it! Inorder to have a unique session id for the entire session, store some data!