I am losing the ASP.NET_SessionId when switching between pages on my site. The issue happens in Chrome/Firefox/Safari. It does not happen in IE. It is rather strange…here is my scenario.
My site can be accessed by entering http://www.example.org or example.org in browser (this is an important piece of info as you will see).
I enter example.org. From my home page, I log into to my site (note: I am not using ASP.NET forms authentication). I am sent to my default user page (e.g., userpage.aspx). From this page, I click on an <a> that sends me to a different page on my site. The <a> link is full-qualified (e.g., http://www.example.org/page2.aspx). When I get sent to the new page, my session is lost!
So, I ran Fiddler to try and discover the problem. What I found was interesting. The Request Header tag Referer was getting lost between pages.
Here are the steps:
- Go to example.org.
- Login to example.org.
- I get redirected to userpage.aspx. The Referer is http://example.org. The ASP.NET_SessionId is set.
- I click on the
<a>(e.g., http://www.example.org/page2.aspx). After the page is rendered, the ASP.NET_SessionId is lost.
The lost ASP.NET_SessionId is lost consistently is Chrome/Firefox/Safari. This does not happen in IE.
If repeat the above steps by substituting example.org with http://www.example.org, the ASP.NET_SessionId is not lost. It works, correctly each time.
Any thoughts on this behavior?
Add this to your web.config under the <system.web> element
See if there is any change in behavior. It sounds as though sub-domains are failing although I thought the cookie was based at the root domain to begin with. this should force it that way.