ASP.NET_SessionID Missing on Production only
Question
I have written an ASP.net webservice using C#. Everything works just fine with the service itself and deployment to stage and production. However after running an Acunetix scan there is an issue with cross site scripting. Our entire network is behind a WAF which is able to add some cookie stuff to provide protection for this. For the WAF to work it needs another cookie to attach to, we are trying to use the ASP.Net_SessionID cookie. This cookie wasn't showing up so we added the line below to the web config and the cookie started showing up on the stage system only. When we deployed this update to production the cookie is not showing up.
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20"/>
As far as we can tell both servers are functionally identical, iis 6, OS, dlls ect. Yet we can't get this cookie to populate. Any ideas?
1 answers
solution1
0 ACCPTED 2013-05-15 22:11:05
Are you putting anything in session? If you don't then the cookie will not be sent to the client browser.
Have you tried the aspxanonymous cookie?
http://msdn.microsoft.com/en-us/library/91ka2e6a(v=vs.100).aspx
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.