tags:

views:

72

answers:

2
+2  Q: 

Weird ASP.NET MVC links with (A(anythingworkshere))

Google's webmaster tools has started showing some very strange internal links for my site. It appears "normal", but I'm not sure what to make of it. If you use parentheses and put in a single letter, then put literally anything in parentheses after that, the link works. I did a search for any other MVC sites so I could see if they had the same behavior. Microsoft's site came up at the top of the list with an odd link as well. The search terms were "asp.net mvc site" and the first link I got was for:

http://www.asp.net/(S(d35rmemuuono1wvm1gsp2n45))/mvc

I don't like this at all. You can change the S to an A or any other letter, and then put any text you want in the next section. Anyone know how to stop it? For the life of me I can't see anything wrong with my routes. I used MVC so I wouldn't have strange url's floating around in search engines so this is pretty disappointing.

Nearest I can guess from the Google "internal links" list is that it may be a cookie. But I can't find any circumstance when I view the source on my site where I see anything but the proper relative links.

+1  A: 

That looks like the Session ID format used when cookieless sessions are turned on (<sessionState cookieless="true" /> in Web.config). This appears to be general ASP.NET behavior, not just MVC, as I was able to reproduce this behavior with a standard 3.5 Website project in VS 2010.

It seems that ASP.NET will process values in that form as if it were a Session ID, even if you do not have cookieless sessions turned on.

It's hard to diagnose the situation without seeing your actual site configuration and logs, but if I had to guess, I'd say that the Google webmaster tools are not returning the session cookie to your site in the request, so the site is falling back to cookieless method in an attempt to maintain the session.

Jeromy Irvine  2010-06-28 20:17:39
Someone in the www.asp.net web forum suggested cookieless session as well, but I don't think that's this problem. If I craft a URL that simply uses host.com/(session-variable)/valid-link it doesn't work. I have to have this wierd (A(test-text)) thing where the first section only contains one letter. If I make it (AA(test-text) it fails. I've added <sessionState cookieless="false" /> to the Web.config now (I didn't have an entry previously) and the behavior is the same.
Ron Grove  2010-06-28 20:39:32
Well, I should say manually injecting the text still works the same. I've never been able to replicate how Google got those urls so you could be right, I really don't know. If it's the cookieless="false" thing then it would be nice if that fixes it. Right now I'm still concerned that (A(test-text)) still works on every MVC site I've tried it on. :-(
Ron Grove  2010-06-28 20:45:03
The `host.com/(session-id)/x` is the .NET 1.1 format. Starting in 2.0, it switched to the `host.com/(S(session-id))/x` format. It appears that any uppercase character could be substituted for the "S". ASP.NET appears to always handle URLs in that format as cookieless session ids, even if you're not intending to use them. You can reproduce the behavior on any ASP.NET 2.0+ site, from what I've been able to determine.
Jeromy Irvine  2010-06-28 21:04:25
In other words, it is a bit annoying that it confuses the logs and analysis tools, but it's normal behavior for an ASP.NET site, and there doesn't seem to be any way to prevent it, so I wouldn't worry too much about it.
Jeromy Irvine  2010-06-28 21:09:14
I chose MVC because it's an article site. I wanted to guarantee the URL provided to the consumer (whether it's a bot or a person) would be exactly what I wanted. If I can't guarantee that with ASP.NET MVC then that's a serious, serious problem IMHO. I never specifically enabled cookieless sessionState in the first place, so specifying it as false should only be confirming the what I read should have been the default value. I'm ticked. I've spent all day, and I still don't know how google got those links and the all the work put into routing is down the drain if I can't guarantee outbound URLs.
Ron Grove  2010-06-28 21:19:38
+1  A: 

This is for cookieless sessions.

Since google is scanning with a bot, its using the cookieless session.

More info:

http://stackoverflow.com/questions/595728/asp-net-cookieless-sessionid-url-location

jfar  2010-06-28 20:19:51

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps