Home/ Questions/Q 9029419
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T07:14:50+00:00

I’m working on an ASP.Net MVC 4 app that uses Webmatrix for the authentication.

  • 0

I’m working on an ASP.Net MVC 4 app that uses Webmatrix for the authentication. I have the following in my web.config file 

<sessionState mode="SQLServer" cookieless="true" allowCustomSqlDatabase="true"
     sqlConnectionString="Data Source=server;Initial Catalog=ASPState;Persist
                          Security Info=True;User ID=user;Password=password" 
     timeout="2880" sqlCommandTimeout="10" />

I can see the ASPState database is being populated, but I’m still getting the session id in the URL. When I try accessing it via Chrome it errors out saying to many redirects. When I access it via IE it works even though I see it redirection (though the session id is in the url) but errors when I try to log in with the following error:

Unable to serialize the session state. In ‘StateServer’ and ‘SQLServer’ mode,
ASP.NET will serialize the session state objects,
and as a result non-serializable objects or MarshalByRef objects are
not permitted. The same restriction applies if similar serialization
is done by the custom session state store in ‘Custom’ mode.

I haven’t made any customization to the Webmatrix, it’s all default. I need the session id to stay out of the URL and use the DB like I have it set in the web.config file

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First of all, try setting cookieless to false. Second, allowCustomSqlDatabase should be set to false when using ASPState, and third don’t specify Initial Catalog in your connection string. SQLState will automatically do it in the background. Forth, I don’t know what is it that you are trying to serialize, but you should put [Serializable] attribute above your class that you are trying to store in a session.

    As for the session id in a URL string, are you using IIS or IIS Express? IIS uses a little utility aspnet_filter.exe to accept the URL’s with session id and internally it redirects you to a proper address. The same is when it returns info back to you. THe URL goes again through the process of decoration. However, I am not sure that IIS Express uses that utility. In a way it wouldn’t really make too much sense that on a developer machine you turn cookies off.

    • 0