Last post Jun 29, 2018 06:17 AM by Nan Yu
Jun 28, 2018 02:58 PM|Priyanka3008|LINK
Hi, I am working on a web application designed using ASP.net with MVC framework. I have used session data to store user specific data. Recently, it has been suggested to use path specific session cookie, to implement session security. However, when I add
path to the session cookie, then I lose the session data at every call to the controllers. What am I doing wrong, and how can I implement session path along with making sure that the session data is not lost?
I have used State Server session mode.
Jun 29, 2018 06:17 AM|Nan Yu|LINK
Please check how you set the path .From article ASP.NET Cookies Overview :
To limit cookies to a folder on the server, set the cookie's Path property, as in the following example:
HttpCookie appCookie = new HttpCookie("AppCookie");
appCookie.Value = "written " + DateTime.Now.ToString();
appCookie.Expires = DateTime.Now.AddDays(1);
appCookie.Path = "/Application1";
The path can either be a physical path under the site root or a virtual root. The effect will be that the cookie is available only to pages in the Application1 folder or virtual root. For example, if your site is called www.contoso.com, the cookie created
in the previous example will be available to pages with the path http://www.contoso.com/Application1/ and to any pages beneath that folder. However, the cookie will not be available to pages in other applications such as http://www.contoso.com/Application2/
or just http://www.contoso.com/.
To session cookie , this cookie contains only an id, not the actual values. The actual values could be stored either in the server memory, a separate process, or even SQL Server depending on the <sessionState mode="" in web.config. Then when later the client
sends another request it will send this cookie id to the server and given id the server will fetch the actual values.
The client browser stores those cookies in memory, meaning that if you close it, the session will be lost because session cookies are not persistent.