ASP.NET Cookieless Session URL Issue ONLY in mobile safari

感情迁移 提交于 2019-12-22 04:42:37

问题


We're hosted on AppHarbor and using their memcacher add-on, setup as described in their documentation:

<sessionState cookieless="false" regenerateExpiredSessionId="true" mode="Custom"
          customProvider="MemcachedSessionProvider" xdt:Transform="Insert">
  <providers>
    <add name="MemcachedSessionProvider"
         type="MemcachedProviders.Session.SessionStateProvider,MemcachedProviders"
         dbType="none" />
  </providers>
</sessionState>

We're seeing an issue that can be reproduced ONLY by:

  1. Following a twitter shortened URL to appfail.net inside iOS Safari (or the twitter iphone app's in-built webkit browser): http://t.co/6tRXopEJ
  2. Click on our 'Run Demo' button, which then automatically signs the user in, with our demo account.

At this point the server issues a 302 redirect to an invalid URL, eg: http://appfail.net/(F(FckQ4UX0zD_WSxk_adpkk3YysHsYQS4TSVpljxmswyBqEAZ1q-YhW4KePrpYQfJ4KlLGaiyje_TbpeSARVyI8LioQ7Jp5EIc0Zm9u99IqRRkkoMh_wr-jrsrvje4J7KpUt1n87xEMzMeqHzpMz9ksm42IqNnf3F9B6GBwrnuA5EY_YsV0))/Applications

The url appears to contain a SessionID, in the same format that IIS uses for cookieless sessions. This would also make sense, since IIS can be configured to use sessionless cookies based on the UserAgent - hence why it only reproduces in mobile safari (although I'm not sure why it only happens with the t.co/ redirect, and not when loading the page directly)

The strange thing is -- we have cookieless sessions turned off! As you can see in the session state above. I've also tried this with the setting 'cookieless="UseCookies"'... No luck!

I've added logging and even verified that the system in configured as "UseCookies" while running.

So, I'm wondering how we could possibly be redirecting users to a cookieless-URL, just using RedirectToAction()?

I'm wondering if this could be related to the custom session state provider -- MemcachedProvider? Or is it something more basic?

Thanks Sam


回答1:


It might be due to faulty ASP.NET client capability detection, please check this question: Asp.Net Forms Authentication when using iPhone UIWebView




回答2:


Microsoft released a Hotfix in September 2011 which has resolved the similar problems I had been having with IE10 in the Windows 8 Preview Release.



来源:https://stackoverflow.com/questions/10998714/asp-net-cookieless-session-url-issue-only-in-mobile-safari

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!