Getting rid of session cookie ("ASP.NET_SessionId")

  • Thread starter Daniel Michaeloff
  • Start date
D

Daniel Michaeloff

Hi all,

I have an application that when finished redirects to a non-ASP.NET app
which is choking on a huge ASP.NET session cookie. The cookie
"ASP.NET_SessionId" gets transmitted by the browser (IE6 in test case)
despite trying Microsoft's suggested method of expiring the cookie first.

I'd like to be able to kill the cookie and do a Response.Redirect() from
within a server-side button handler, but I'm to the point now where I'm
instead redirecting to a third .aspx page whose only job is to remove the
cookie and have a hyperlink out. In its Page_Load:

{
System.Web.HttpContext.Current.Session.Abandon();

HttpCookieCollection cookieColl = HttpContext.Current.Request.Cookies;
String[] names = cookieColl.AllKeys;
System.Web.HttpContext.Current.Trace.Write(String.Format("{0} cookies:",
names.Length));
for (int i = 0; i < names.Length; i++) {
HttpCookie cookie = cookieColl[names];
System.Web.HttpContext.Current.Trace.Write(String.Format(" {0}",
names));
cookie.Expires = DateTime.Now.AddDays(-1);
cookie.Domain = "invaliddomain";
cookie.Path = "invalidpath";
cookie.Value = "invalidvalue";
Response.Cookies.Add(cookie);
}
}

.... but on clicking the hyperlink, the cookie yet lives.

Any ideas? Is this something specific to IE6 perhaps, some security update
that special-cases ASP.NET cookies? Any help is appreciated.

Thanks,
--Dan Michaeloff
 
H

Hans Kesting

Daniel said:
Hi all,

I have an application that when finished redirects to a non-ASP.NET
app which is choking on a huge ASP.NET session cookie. The cookie
"ASP.NET_SessionId" gets transmitted by the browser (IE6 in test case)
despite trying Microsoft's suggested method of expiring the cookie
first.

I'd like to be able to kill the cookie and do a Response.Redirect()
from within a server-side button handler, but I'm to the point now
where I'm instead redirecting to a third .aspx page whose only job is
to remove the cookie and have a hyperlink out. In its Page_Load:

{
System.Web.HttpContext.Current.Session.Abandon();

HttpCookieCollection cookieColl =
HttpContext.Current.Request.Cookies; String[] names =
cookieColl.AllKeys;
System.Web.HttpContext.Current.Trace.Write(String.Format("{0}
cookies:", names.Length)); for (int i = 0; i < names.Length; i++) {
HttpCookie cookie = cookieColl[names];
System.Web.HttpContext.Current.Trace.Write(String.Format("
{0}", names));
cookie.Expires = DateTime.Now.AddDays(-1);
cookie.Domain = "invaliddomain";
cookie.Path = "invalidpath";
cookie.Value = "invalidvalue";
Response.Cookies.Add(cookie);
}
}

... but on clicking the hyperlink, the cookie yet lives.

Any ideas? Is this something specific to IE6 perhaps, some security
update that special-cases ASP.NET cookies? Any help is appreciated.

Thanks,
--Dan Michaeloff


What probably happens is that the ASP.Net system automatically
adds that cookie, overwriting your "remove this cookie" version.

Try adding a "EnableSessionState=False" to the @ Page directive in the aspx,
maybe this will get rid of the new session cookie.

Hans Kesting
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top