ZoneAlarm Causes Session Problems

J

Jeff S

No question here; just information that anyone running ZoneAlarm on a
development machine may find useful as you develop your ASP.NET apps - (or
for those of you who are assisting users who may be running ZoneAlarm.).

To be brief, running ZoneAlarm Pro (and possibly other versions) and an
ASP.NET application simultaneously will result in a new session of your
application being created for every single HTTP request. If you have any
session_start event procedure, then it will execute for every request (new
pages, postbacks - whatever), and not only once for each browser session as
it should. If you want session_start -related code to behave normally,
you'll have to turn off ZoneAlarm (or possibly figure out how to tweak
ZoneAlarm so that it doesn't cause these issues).

In my application, I observed that a new session was initiated for every
single request made to IIS (on local development machine). In my research, I
discovered that ZoneAlarm injects the following text in the <HEAD> section
of pages when rendered in the browser (at least in IE6):

<!-- ZoneLabs Privacy Insertion -->
<script language='javascript'
src='http://127.0.0.1:1031/js.cgi?caw&r=24464'></script>

I'm not sure exactly what it means and how it affects the page, but I do
suspect that ZoneAlarm somehow causes ASP.NET to think that Global.asax has
been updated on every request, and therefore effectively restarts the
application - which eventually subsequently results in a new session being
initiated for each request. Just a theory (perhaps someone else knows what's
really going on).

Separately, running ACT tests with ZoneAlarm turned on vs. turned off yields
a significant improvement in performance (nearly twice as fast with
ZoneAlarm turned off), and a significant reduction in socket errors
(typically zero with ZoneAlarm turned off vs at least dozens and typically
hundreds of socket errors with ZoneAlarm turned on).

HTH
 
H

Hermit Dave

in this case looks like zone alarm is blocking the cookies...
only when the cookies are blocked (and if you are not cookieless=false in
your web.config)
every http request results in a new session...

hope this helps
 
J

Jeff S

You are right... after disabling all of ZoneAlarm's cookie blocking
features, I was able to run ZoneAlarm and ASP.NET sessions behaved as they
should (no new session for every HTTP request).

-Jeff
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top