Last post Feb 07, 2021 02:31 AM by bruce (sqlwork.com)
Nov 22, 2014 11:36 AM|Gambit|LINK
I have a .Net 4.0 web app running Forms Authentication, running on IIS 7.5
<forms loginUrl="Default.aspx" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" cookieless="UseCookies" />
I have a strange issue where if I attempt to hit a page that has missing image it gives a 302 error but it overwrites my cookie and therefore causes session to drop. I cannot put my finger on where or how this is happening
GET /Lottery/media/LotteryMediaLibrary/IWG/Gold_Fish_Toon.jpg HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E; BIZ!)
Accept-Encoding: gzip, deflate
Cookie: CMSPreferredCulture=en-IE; cookie_decision=true; CMSPreferredUICulture=en-gb; CMSCookieLevel=1000; VisitorStatus=21059204509; CMSSplitMode=0|ga-IE|Vertical|1; ASP.NET_SessionId=2khfudsvwzqpk421vdc1domd; .ASPXFORMSAUTH=F6FE2449DBD1CF7EDC144A8C8E36C4C59D9FFF9A7414EA2BC4201C39129BD7FA93D0CD8D8B7DE06AA4FDEA7DE37A1DE3D1954EC89486857865F9E87AF7F016B3E4C95896D0D3CD409E16569276CFC04E2928FA8C0246D48F0F2F4EE9076CC984EDF40CD8ABF8A37C408F0DF6C34FAB7C5ED8031476B2873FB6427BE26D9B2FE5C6783E9B5D0EA6BCFC7F58C1C2D4119E
HTTP/1.1 302 Found
Set-Cookie: .ASPXFORMSAUTH=; expires=Mon, 11-Oct-1999 23:00:00 GMT; path=/; HttpOnly
Date: Sat, 22 Nov 2014 16:29:29 GMT
I can see it is doing a Set-Cookie but cant workout how to either prevent this, or pass my current cookie back
Any help is greatly appreciated.
Nov 22, 2014 12:04 PM|PatriceSc|LINK
Do you have some kind of processing in place for 404 errors? Where it is supposed to redirect?
I would have expected a 404 so for now it looks like there is some kind of custom handling for this "image not found" condition that would cause this issue as an unexpected consequence.
What happens if you are trying to reach the same image location directly by typing the path in your browser address bar?
Nov 27, 2014 04:02 AM|Summer - MSFT|LINK
About your issue, I think the links below maybe helpful for you, you could have a look at it.
Jan 28, 2021 12:13 PM|mazharqayyum|LINK
Hi @Craig, I am facing the same issue. I wonder if you ever found a solution for this issue? This is a really annoying issue, I can see different references of it around internet but no solution. I would really appreciate if you have something
to add in this regards.
Feb 07, 2021 02:31 AM|bruce (sqlwork.com)|LINK
the browser is asking for
and redirect to the same url is returned with a deleted cookie. I assume it’s a different vdir than the calling page
and it clears the cookie because it can not decode it. Both sites appear to set the cookie path to the root rather than their vdir.