Multiple ASPSESSIONID cookies

J

JR

I ran across an something i do not understand while doing network
traces of out intranet to troubleshoot a problem. It seems a certain
user has many, many aspnetsessionids in the header.
it looks like this.

ASPSESSIONIDQSRTBCRR=KIFPCDKBJGNMMDNPAGICKHIB;
ASPSESSIONIDSSRQDCQQ=AMNJPBKBCLBCDMMFGKDMCPGD;
ASPSESSIONIDSSQCDTDT=BJOHHJKBEDCNFPKPLBJEFMNL;
ASPSESSIONIDQSTQCCQQ=IHPPNKJBBBDMNKKKHOILFFAF;
ASPSESSIONIDSQQTBCRR=BHODBCKBOBCPGPPNEEHFECGP;
ASPSESSIONIDCCDRTSDD=MIIJBGIBDFOHAKFODCJHABMH;
ASPSESSIONIDQQRQDBTR=OMCFPDJBLKMNOMEEFMFLPPNI;
ASPSESSIONIDSSTRDCQQ=FMPFECKBNNMKHKFMCNECNGEI;
ASPSESSIONIDQSTSCDQQ=GAOBGJKBCGGKKPIKFPDABIEA;
ASPSESSIONIDSQRTDDQR=FCHBOFIBGKFEMGDAPNJEEPMP;
ASPSESSIONIDSSRSCBRR=JHIJBGIBOMBDHBNFFIJCOOBJ;
ASPSESSIONIDSQQQABTR=OKPFECKBCMFIEAAPNBKLAGIP;
ASPSESSIONIDSQRSBATQ=OBOFKKJBNINIKOFAEKDLEGDG;
ASPSESSIONIDSQSQDDRR=HFINJDKBBDJNOPCBAIENPNIE;
ASPSESSIONIDQQRTDDRQ=ENABBLJBIFMHMANDLKMFIMMM;
ASPSESSIONIDSQTQDDRQ=DHKFNIKBAPIGNODMEMLNEEDP;
ASPSESSIONIDQSRTCDRQ=FPAJBLJBBJGFMCGJAENEKNCI;
ASPSESSIONIDQQSTBCRR=KOEBHKKBGOBJOBECLPIGPOLO;
ASPSESSIONIDQSSSDDRQ=KMPHKJKBNHCJCBKOOLCFOKLF;
ASPSESSIONIDQQSSABTR=FDMNLBKBBOGBKCEOKJHLPEHC;
ASPSESSIONIDQSSTBARR=GDBFCLJBEHGCPHJEBKOFOJKH;
ASPSESSIONIDQQQSDCRR=ABDLMCKBHDGOPPCNPEDNCLOL;
ASPSESSIONIDQQRTACQQ=MLONHJKBJIFHOOINNLBKMAHE;
ASPSESSIONIDSSSTBCRQ=MKBDDLJBDAOOCIBGFJLPHCPN;
ASPSESSIONIDSSQSCBQR=OONDACKBLKONCMGPNMGJDOFC;
ASPSESSIONIDQQTSDDQQ=GBFJFEJBFAIKDFODCKFAOBJP;
ASPSESSIONIDCCCSARBR=GAPLCCKBOMNFAJHBEHLHKGMJ;
ASPSESSIONIDSQQQCAQQ=HFNDKFJBOOKCBPDFIHMOMONM;
ASPSESSIONIDQSTQCDQR=IKMNMBKBJOJJLFKPJKHNEIHL;
ASPSESSIONIDSQRQDASQ=BJDJBEJBGCCNDDFFCFKADMEO;
ASPSESSIONIDQQSSCDRR=KMHNPFIBDPBMHDMDCNKBDMOA;
ASPSESSIONIDSQSSBDRQ=PNKBKMJBFPDAAIKMBBEIPGBD;
ASPSESSIONIDSSQQDDQQ=LGBJOJKBMDEEPEJFMBACLOFD;
ASPSESSIONIDQQTRBBSQ=ANCPBKKBIJBDJAOCKDPPEAIC;
ASPSESSIONIDCCCQSSDC=GCDJAEJBNLCLADHFNNPBFOJI;
ASPSESSIONIDQSQQCDRQ=JAHDKEJBMKFCFMLBNKLHBDLJ;
ASPSESSIONIDQQRQAATQ=KBOFKKJBFOCNACIEBCKBPBFI;
ASPSESSIONIDQQQSCCRQ=GDHNMKKBEPJHCNNNGNFCPDBN;
ASPSESSIONIDSSQRADQR=FABNHCKBOODMFPHEJCLCCHHN;
IntranetPrinciple=6EDE71D44AE37EAE7FD1ACDA99D0D2079BD68B2D2F81DB3C6CDA74986B736A47713385D7ED9B0B5A44AD403CB8529F9B751CC2D63EDAD57A5E09C2DC29394088EDC8431671786DA3D806BC4F5DB1A42743C2A52934508BE5918C1DF03238ED1BE5FDD904DE6BEDECF9B43414C8FCBB87E4CA0DB37FE0F28DC4CC6F538231C2BD8097729FF58E5BE0A4AF935CF480128C818285CA56C34692CBD593B0BE2E70D55056677B3994F5F20FC2C080F490DEAEA5CC7D79E7DB9A25E049E3F9F7F75DDB69FD92E984C52D886301C748AF6944C6D45A70706C381F1B1F04B96E42CE858C314F335416E22B0736761724D490D30C1C720A502BA26FB7459D8DCDA3282A6E1DE0AC8BE94F0F404B162FB4C4C0FCC71EFD828646E01FD862D2D49CC167CD18DB5BAB562E5742BFAA351F311629892C2B63B1FB36DC7DA1CBB44E8298D3AED073ACA8989CEE591ABAEA2B3049807AE2568E44479347B0C6A46DEAADB72207392DB73DCEA8E5A682C1179A674DC3BDF0;
ASPSESSIONIDSQQQCDQQ=KMODCCKBNCGJDCAIDCJNNIEF;
ASP.NET_SessionId=0jthma45ezxxlt450i5u5u55;
ASPSESSIONIDSSQCCSCT=CDOHKKJBOPKPOFBINKJLGLDO;
ASPSESSIONIDAABSTSDD=KGOPACKBAAPGCHLLDGPBCLAE;
ASPSESSIONIDSQSTAARQ=IGIPBGIBHNHCAIFGEMGAKDHG;
ASPSESSIONIDSQQRDBTR=DNGHKPKBGHAKBDOPBOOCBFOB;
ASPSESSIONIDSSRSDCRQ=IIHDMPKBGJBDLKCFANFILIAC

So the question is is there a bug in asp.net or is this a result of
bad coding. As far as I know we do not manually create these and I
cannot reproduce it with other users. Anyone seen this issue before?
 
J

JR

I ran across an something i do not understand while doing network
traces of out intranet to troubleshoot a problem. It seems a certain
user has many, many aspnetsessionids in the header.
it looks like this.

ASPSESSIONIDQSRTBCRR=KIFPCDKBJGNMMDNPAGICKHIB;
ASPSESSIONIDSSRQDCQQ=AMNJPBKBCLBCDMMFGKDMCPGD;
ASPSESSIONIDSSQCDTDT=BJOHHJKBEDCNFPKPLBJEFMNL;
ASPSESSIONIDQSTQCCQQ=IHPPNKJBBBDMNKKKHOILFFAF;
ASPSESSIONIDSQQTBCRR=BHODBCKBOBCPGPPNEEHFECGP;
ASPSESSIONIDCCDRTSDD=MIIJBGIBDFOHAKFODCJHABMH;
ASPSESSIONIDQQRQDBTR=OMCFPDJBLKMNOMEEFMFLPPNI;
ASPSESSIONIDSSTRDCQQ=FMPFECKBNNMKHKFMCNECNGEI;
ASPSESSIONIDQSTSCDQQ=GAOBGJKBCGGKKPIKFPDABIEA;
ASPSESSIONIDSQRTDDQR=FCHBOFIBGKFEMGDAPNJEEPMP;
ASPSESSIONIDSSRSCBRR=JHIJBGIBOMBDHBNFFIJCOOBJ;
ASPSESSIONIDSQQQABTR=OKPFECKBCMFIEAAPNBKLAGIP;
ASPSESSIONIDSQRSBATQ=OBOFKKJBNINIKOFAEKDLEGDG;
ASPSESSIONIDSQSQDDRR=HFINJDKBBDJNOPCBAIENPNIE;
ASPSESSIONIDQQRTDDRQ=ENABBLJBIFMHMANDLKMFIMMM;
ASPSESSIONIDSQTQDDRQ=DHKFNIKBAPIGNODMEMLNEEDP;
ASPSESSIONIDQSRTCDRQ=FPAJBLJBBJGFMCGJAENEKNCI;
ASPSESSIONIDQQSTBCRR=KOEBHKKBGOBJOBECLPIGPOLO;
ASPSESSIONIDQSSSDDRQ=KMPHKJKBNHCJCBKOOLCFOKLF;
ASPSESSIONIDQQSSABTR=FDMNLBKBBOGBKCEOKJHLPEHC;
ASPSESSIONIDQSSTBARR=GDBFCLJBEHGCPHJEBKOFOJKH;
ASPSESSIONIDQQQSDCRR=ABDLMCKBHDGOPPCNPEDNCLOL;
ASPSESSIONIDQQRTACQQ=MLONHJKBJIFHOOINNLBKMAHE;
ASPSESSIONIDSSSTBCRQ=MKBDDLJBDAOOCIBGFJLPHCPN;
ASPSESSIONIDSSQSCBQR=OONDACKBLKONCMGPNMGJDOFC;
ASPSESSIONIDQQTSDDQQ=GBFJFEJBFAIKDFODCKFAOBJP;
ASPSESSIONIDCCCSARBR=GAPLCCKBOMNFAJHBEHLHKGMJ;
ASPSESSIONIDSQQQCAQQ=HFNDKFJBOOKCBPDFIHMOMONM;
ASPSESSIONIDQSTQCDQR=IKMNMBKBJOJJLFKPJKHNEIHL;
ASPSESSIONIDSQRQDASQ=BJDJBEJBGCCNDDFFCFKADMEO;
ASPSESSIONIDQQSSCDRR=KMHNPFIBDPBMHDMDCNKBDMOA;
ASPSESSIONIDSQSSBDRQ=PNKBKMJBFPDAAIKMBBEIPGBD;
ASPSESSIONIDSSQQDDQQ=LGBJOJKBMDEEPEJFMBACLOFD;
ASPSESSIONIDQQTRBBSQ=ANCPBKKBIJBDJAOCKDPPEAIC;
ASPSESSIONIDCCCQSSDC=GCDJAEJBNLCLADHFNNPBFOJI;
ASPSESSIONIDQSQQCDRQ=JAHDKEJBMKFCFMLBNKLHBDLJ;
ASPSESSIONIDQQRQAATQ=KBOFKKJBFOCNACIEBCKBPBFI;
ASPSESSIONIDQQQSCCRQ=GDHNMKKBEPJHCNNNGNFCPDBN;
ASPSESSIONIDSSQRADQR=FABNHCKBOODMFPHEJCLCCHHN;
IntranetPrinciple=6EDE71D44AE37EAE7FD1ACDA99D0D2079BD68B2D2F81DB3C6CDA74986­B736A47713385D7ED9B0B5A44AD403CB8529F9B751CC2D63EDAD57A5E09C2DC29394088EDC8­431671786DA3D806BC4F5DB1A42743C2A52934508BE5918C1DF03238ED1BE5FDD904DE6BEDE­CF9B43414C8FCBB87E4CA0DB37FE0F28DC4CC6F538231C2BD8097729FF58E5BE0A4AF935CF4­80128C818285CA56C34692CBD593B0BE2E70D55056677B3994F5F20FC2C080F490DEAEA5CC7­D79E7DB9A25E049E3F9F7F75DDB69FD92E984C52D886301C748AF6944C6D45A70706C381F1B­1F04B96E42CE858C314F335416E22B0736761724D490D30C1C720A502BA26FB7459D8DCDA32­82A6E1DE0AC8BE94F0F404B162FB4C4C0FCC71EFD828646E01FD862D2D49CC167CD18DB5BAB­562E5742BFAA351F311629892C2B63B1FB36DC7DA1CBB44E8298D3AED073ACA8989CEE591AB­AEA2B3049807AE2568E44479347B0C6A46DEAADB72207392DB73DCEA8E5A682C1179A674DC3­BDF0;
ASPSESSIONIDSQQQCDQQ=KMODCCKBNCGJDCAIDCJNNIEF;
ASP.NET_SessionId=0jthma45ezxxlt450i5u5u55;
ASPSESSIONIDSSQCCSCT=CDOHKKJBOPKPOFBINKJLGLDO;
ASPSESSIONIDAABSTSDD=KGOPACKBAAPGCHLLDGPBCLAE;
ASPSESSIONIDSQSTAARQ=IGIPBGIBHNHCAIFGEMGAKDHG;
ASPSESSIONIDSQQRDBTR=DNGHKPKBGHAKBDOPBOOCBFOB;
ASPSESSIONIDSSRSDCRQ=IIHDMPKBGJBDLKCFANFILIAC

So the question is is there a bug in asp.net or is this a result of
bad coding. As far as I know we do not manually create these and I
cannot reproduce it with other users. Anyone seen this issue before?

I just found an article on MS and it seems these are from classic ASP

http://support.microsoft.com/kb/q184574/

Thats very odd since our app should be all asp.net.
 
J

JR

I just found an article on MS and it seems these are from classic ASP

http://support.microsoft.com/kb/q184574/

Thats very odd since our app should be all asp.net.- Hide quoted text -

- Show quoted text -

based on what i read i found that we have custom error pages that are
asp. When a user gets 500 or 404 errors it runs our custom asp page
and they get a new aspsessionid cookie.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top