开发者

How does IIS7 determine the same session in a cookieless scenario?

开发者 https://www.devze.com 2023-01-28 22:10 出处:网络
We have ASP.NET cookieless sessions (inproc), so URL contains the session id, i.e. S(dfasfdafasdfasfa)

We have ASP.NET cookieless sessions (inproc), so URL contains the session id, i.e. S(dfasfdafasdfasfa)

We also have several clients going through proxy servers where it appears like our web server doesn't recognize the session id and without the session data they can't continue. I've tested our sites on open proxies and they work fine. But there is something going on with this particular client proxy server that causes this behavior.

I've examined package captures for the success and fail cases (provided by the client) and the raw HTML getting transmitted, including headers, is the same. The proxy server does not appear to be caching URLs because the correct session id is coming down.

开发者_如何学Go

So my thought is that IIS7 is using something in addition to the session id in the URL to determine a unique client. Perhaps something at the TCP/IP level? Rather than just App(http) level. Is this on track? Does anyone know the answer to this?

Unfortunately without being able to recreate this scenario locally I'm racking my brain hard.


Log the Request Url, SessionId and IsNewSesssion.... that should tell you where the problem lies.

I doubt you would see a valid session presented in the Url but not reflected in SessionId. If you see the value you expect reflected in SessionId but IsNewSession is true across multiple requests, then it's an app recycle issue.

0

精彩评论

暂无评论...
验证码 换一张
取 消