stackoom
  简体   繁体   中英

Strange string in IE Address bar and in source

 原文  2009-10-23 08:38:36       asp.net/ internet-explorer/ iis

Question

This may or may not be a programming question, but one or two users of my website have got some strange strings being inserted into their address bar.

The address should be: http://URL/Couple of Folders/page.aspx

but occassionally the same thing becomes: http://URL/ (X(1)F(qHfgTf50ahMY47b-lnz3ovk89OA4AbMN4S-sYVZCgCULL)) /Folders/Page.aspx

The string is also in the action field as so: 

<form name="aspnetForm" method="post" action="/**(X(1)F(qHfgTf50ahMY47b-lnz3ovk89OA4AbMN4S-sYVZCgCULL))**/<Page>.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">

I'm no server/IIS expert, so please excuse me if this is a dumb question, but what is the strange string and do I/my clients need to worry?

3 answers

solution1
 6 ACCPTED  2009-10-23 08:50:18

Looks like you have cookieless sessions set to auto in your web config.

If a user allows cookies, their sessionID is stored in an in memory cookie. If they don't, ASP.Net pushed the sessionID into the URL, and this is used to identify which user is making the request. The strange string of characters you are seeing are sessionIDs for those people who have cookies switched off.

There's not really anything to worry about here, although it does make session hijacking a little easier... Probably wouldn't stress about this though.

Hope it helps...

solution2
 1  2012-10-10 18:11:14

Paul is correct about the sessionID being pushed into your URL's for cookieless users. This is not a problem for human users but poses a potentially significant challenge to bots (most significantly Googlebot's spider) who are crawling your site to index and rank your site in search engines.

Bots will be identified as cookieless by your ASP.NET framework which causes a couple of 302 redirects from the ://URL/autocookiesupportdetect then to the URL/(sessionID)/folders... This 302 redirect is bad enough but, to make matters worse, Googlebot receives a sessionID each time it crawls your site and views each URL with the sessionID as a duplicate page to index. This hurts the pagerank for each page Google crawls with the session ID in the URL.

The fix is add a definition file to your site to identify bots as accepting cookies thus serving them a cookie (vs. a cookieless) session. You then will not have to require that your human visitors have cookies enabled and your bot vistors will be happy to see your pages without the sessionID in your URL's.

solution3
 1  2009-10-26 02:17:47

Please check your sessionstate node settings in web.config . The cookieless attribute in sessionstate node must be set to false as shown in the following settings. 

<sessionState mode="Off|InProc|StateServer|SQLServer"
              cookieless="true|false"
              timeout="number of minutes"
              stateConnectionString="tcpip=server:port"
              sqlConnectionString="sql connection string"
              stateNetworkTimeout="number of seconds"/>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Avoid Query String that appears in the address bar Strange error in IE Encryption of the link address <a href="http://www.mycompany.com> so it does not appear in source view on IE toolbar On post back focus changes to address bar in IE 11 rather than shifting to next control in the form. C# ASP.NET MVC resource file's string is in a strange encoding format in HTML source HTML/ASP.net/login flow Facebook: how to make redirect URL to my site invisible in address bar ie10 ASP.NET application running in IE8 - tab key does not focus on anything but address bar after postback only Address Bar of PopUp Window Address bar is showing the address of previous page Points disappear in SMS source address
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM