views:

914

answers:

2

I'm having trouble getting Session State to work correctly in my ASP.Net application. I've set EnableSessionState="true" in all my <%@ Page %> directives but I still seem to get issued a different Session ID on every page.

I am using a Master Page which I can't find a way to specify EnableSessionState for (I assume if the Page using it has Session State then it does?)

I've set the <sessionState> element in my Web.config to use InProc session state with cookies but this seems to have no effect - I am running IIS 7 so I'd expect the <system.web> section to be ignored in favour of the <system.webServer> section and there doesn't seem to be an equivalent config element for session state in this (or it isn't obvious).

I've tried googling for stuff on this but I can't seem to find something that explains exactly what I need to do to get Session State enabled across my entire application and working properly. Any ideas anyone?

My Web.config file is as below and I can post further details if required.

<?xml version="1.0"?>
<configuration>
    <configSections>
     <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
      <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
       <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
       <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
        <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
        <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
        <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
        <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
       </sectionGroup>
      </sectionGroup>
     </sectionGroup>
    </configSections>
    <appSettings>
     <add key="DBServer" value="localhost"/>
     <add key="DBName" value="bbcdemo"/>
     <add key="DBUser" value="example"/>
     <add key="DBPassword" value="password"/>

    <add key="DemoEndpoint" value="http://nottm.ecs.soton.ac.uk/BBCDemo/sparql/"/&gt;

    <add key="/BBCDemo/sparql/" value=""/>
    <add key="LoadMode" value="PreloadAllAsync" />
    <add key="DefaultQueryFile" value="~/App_Data/default.rq"/>
    <add key="Stylesheet" value="/BBCDemo/bbcdemo.css"/>

    <add key="RewriteRuleFind1" value="^.*programmes/([A-Za-z0-9]+)$"/>
    <add key="RewriteRuleReplace1" value="http://www.bbc.co.uk/programmes/$1#programme"/&gt;

    </appSettings>
    <connectionStrings/>
    <system.web>
     <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
     <compilation debug="true">
      <assemblies>
       <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
       <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
       <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
       <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
      </assemblies>
     </compilation>
     <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
     <authentication mode="Windows"/>
     <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
     <pages>
      <controls>
       <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
       <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </controls>
     </pages>
     <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
     </httpHandlers>
     <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
     </httpModules>
    <sessionState mode="InProc" timeout="20" cookieless="UseCookies" />
    </system.web>
    <system.codedom>
     <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
       <providerOption name="CompilerVersion" value="v3.5"/>
       <providerOption name="WarnAsError" value="false"/>
      </compiler>
     </compilers>
    </system.codedom>
    <!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
    <system.webServer>
     <validation validateIntegratedModeConfiguration="false"/>
     <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
     </modules>
     <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <remove name="SPARQLHandler"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="SPARQLHandler" verb="*" path="sparql/" type="VDS.RDF.Web.SPARQLHandler"/>
      <add name="ResourceHandler" verb="*" path="programmes/*" type="VDS.RDF.Web.SQLResourceHandler"/>
     </handlers>
    </system.webServer>
    <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
       <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
       <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
       <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
       <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
     </assemblyBinding>
    </runtime>
</configuration>

Before anyone moans at me for storing DB settings in AppSettings I should point out that in production I would encrypt the <appSettings> section and that the database account used only has (and needs) read-only privileges on the specific database.

+1  A: 

Setting EnableSessionState=true doesn't really achieve much, it's on application-wide by default. To ensure your IIS7 configuration is correct, you can try executing the following command:

appcmd set config /commit:WEBROOT /section:sessionState /mode:InProc

If you're seeing a new SessionID on every page, it could simply be that your client isn't storing/forwarding the session cookie (possibly because of security restrictions on the browser). First verify that you are indeed presenting the session cookie, and that all requests are served from the same domain.

To verify that it's not a cookie issue, you can switch session state to use cookieless mode to see if the correct session is loaded on subsequent requests:

<sessionState cookieless="UseUri" />
Nariman
+1  A: 

Hi Rob,

I was checking the session state parameters from your Web.Config. I believe there is a typo error. Please verify the web.config again and test.....

In the SessionState tag, the cookieless attribute only accepts the value of "true" or "false", but your web.config shows as "UseCookies"

<sessionState mode="InProc" timeout="20" cookieless="UseCookies" />

Please set the value of cookieless to false or true and try again.. Hope this will solve the issue....

Rasik Jain