Client browser sending wrong ASP.NETSessionid in a cookie

Discussion in 'ASP .Net' started by Niko, Oct 17, 2006.

  1. Niko

    Niko Guest

    Hi

    I have a big problem with some browser setting wrong ASP.NETSessionid in
    a cookie, and the result is that asp.net 1.1 always assigns new session to
    the client. I checked what is going on and I noticed that the browsers set
    the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't parse
    this and just assigns new session to the client. So my question is can I
    somehow intercept the request and fix this session id myself or is there
    some other way to go around this problem!

    tnx
     
    Niko, Oct 17, 2006
    #1

  2. Yes, you can intercept calls with an HTTP Handler, and do whatever you want
    with the raw request, including cookies. I am not sure how easy it is to
    dink with the session cookie, but you can reverse engineer some of MS's
    stuff to see how to pull from the encrypted cookie, as you will have a raw
    stream. I would consider checking the machine keys first (regen on a site
    that creates keys?), as that is a possible point of failure.

    I am not sure what causes the issue. Where are you setting the cookie?
    Traditional ASP app? ASP.NET 2.0? JavaScript?

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA
    http://gregorybeamer.spaces.live.com

    *************************************************
    Think outside of the box!
    *************************************************
    "Niko" <> wrote in message
    news:...
    > Hi
    >
    > I have a big problem with some browser setting wrong ASP.NETSessionid in a
    > cookie, and the result is that asp.net 1.1 always assigns new session to
    > the client. I checked what is going on and I noticed that the browsers set
    > the sessionid inside quotation marks and I guess that ASP.NET 1.1 can't
    > parse this and just assigns new session to the client. So my question is
    > can I somehow intercept the request and fix this session id myself or
    > is there some other way to go around this problem!
    >
    > tnx
    >
    >
     
    Cowboy (Gregory A. Beamer), Oct 17, 2006
    #2

  3. Niko

    Niko Guest

    Hello Cowboy (Gregory A. Beamer),

    I didn’t know that, I thought that HttpHandlers are not low level enough
    to do that. I could write a simple ISAPI filter and do that, but they don’t
    like the idea.

    Well I’ll try to alter the cookie with HttpHandler


    > Yes, you can intercept calls with an HTTP Handler, and do whatever you
    > want with the raw request, including cookies. I am not sure how easy
    > it is to dink with the session cookie, but you can reverse engineer
    > some of MS's stuff to see how to pull from the encrypted cookie, as
    > you will have a raw stream. I would consider checking the machine keys
    > first (regen on a site that creates keys?), as that is a possible
    > point of failure.
    >
    > I am not sure what causes the issue. Where are you setting the cookie?
    > Traditional ASP app? ASP.NET 2.0? JavaScript?
    >
    > *************************************************
    > Think outside of the box!
    > *************************************************
    > "Niko" <> wrote in message
    > news:...
    >> Hi
    >>
    >> I have a big problem with some browser setting wrong ASP.NETSessionid
    >> in a cookie, and the result is that asp.net 1.1 always assigns new
    >> session to the client. I checked what is going on and I noticed that
    >> the browsers set the sessionid inside quotation marks and I guess
    >> that ASP.NET 1.1 can't parse this and just assigns new session to the
    >> client. So my question is can I somehow intercept the request and fix
    >> this session id myself or is there some other way to go around
    >> this problem!
    >>
    >> tnx
    >>
     
    Niko, Oct 17, 2006
    #3
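
Added example, not part of the thread and not code from any poster: one way to do the interception discussed above, written as an `IHttpModule` rather than a handler so it runs on every request before session state is acquired. The class name is hypothetical, and it assumes the default cookie name `ASP.NET_SessionId`, a value wrapped in one pair of double quotes as described in post #1, and that the session module reads the id from `Request.Cookies`.

```csharp
using System;
using System.Web;

// Added example; QuotedSessionIdFixModule is a hypothetical name.
// Written without generics or lambdas so it compiles on .NET 1.1.
public class QuotedSessionIdFixModule : IHttpModule
{
    // Default ASP.NET session cookie name (assumed not reconfigured).
    private const string SessionCookieName = "ASP.NET_SessionId";

    public void Init(HttpApplication app)
    {
        // BeginRequest fires before AcquireRequestState, where session
        // state is looked up.
        app.BeginRequest += new EventHandler(OnBeginRequest);
    }

    public void Dispose() { }

    private void OnBeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = ((HttpApplication)sender).Context.Request;
        HttpCookie cookie = request.Cookies[SessionCookieName];
        if (cookie == null) return;          // no session cookie sent

        string fixedId = StripQuotes(cookie.Value);
        if (fixedId != null) cookie.Value = fixedId;
    }

    // Returns the unquoted id, or null when the value must be left untouched.
    public static string StripQuotes(string value)
    {
        if (value == null || value.Length < 3) return null;
        if (value[0] != '"' || value[value.Length - 1] != '"') return null;

        string inner = value.Substring(1, value.Length - 2);
        // Assumption: ids are plain ASCII letters and digits. Anything else
        // (nested quotes, separators, control characters) is not rewritten.
        for (int i = 0; i < inner.Length; i++)
        {
            char c = inner[i];
            bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                   || (c >= '0' && c <= '9');
            if (!ok) return null;
        }
        return inner;
    }
}
```

The module takes effect once it is registered under `<httpModules>` in web.config. Because it only removes one surrounding pair of quotes and rejects any other characters, a malformed or tampered cookie still falls through to ASP.NET's normal handling and gets a new session.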
