问题
I am calling a Credit card payment provider (Vantiv). When the payment provider calls back my Order complete URL the Session Id changes and thus all session variables are set to null. It is proven to happen after KB4535102 (or KB4535104 on the Windows 2012 R2 server).
Looks like the Thread is aborted without a command for that. After system restore when patch is removed, it works normal. Anybody has a hint? I'm looking for this a long time. Thanks
targetFramework="4.8"
It happens in an iframe or with Page.Response.Redirect or with html like this:
Response.Write("<form name=\"frmCheckout\" method=\"Post\" action=\"" + URLMercuryCheckout + "\" >");
Response.Write("<input name=\"PaymentID\" type=\"hidden\" value=\"" + PaymentID + "\">");
The code in html you can find above, it also happens with
Page.Response.Redirect("https://hc.mercurycert.net/CheckoutiFrame.aspx?pid=8fcc6f32-3480-4868-9fa6-ecd7331a0724);
I first set up a payment request. In this request you need to specify: OrderCompleteURL (payment ok url) and CancelReturnURL (in case cancel button is pressed on the payment site). This webservice call returns a PID paymentid. After that I call the Payment website CheckoutiFrame.aspx with the paymentid.
When the user is entering the credit card and click the Pay button, it will call the URL in OrderCompleteURL. When coming back, the Sessionid is changed in my web environment. (Also when CancelReturnURL was called my session is gone)
This result in all my Session variables to be gone. The first line where Session["Variable"].ToString() is used this error happens:
"An exception of type 'System.NullReferenceException' occurred in WebMobile.dll but was not handled in user code"
When restoring windows before patch KB4535102 this does not happen and the Session ID stays the same and all Session variables are available.
Similar question also found in : ASP.NET_SessionId cookieSameSite issue
来源:https://stackoverflow.com/questions/61359358/loosing-my-session-id-and-thus-session-variables-in-asp-net-c-sharp-after-inst