We’re currently having an issue with cookieless sessions in ASP.NET, according to the documentation on MSDN here when you use AutoDetect:
ASP.NET determines whether the requesting browser or device supports cookies. If the requesting browser or device supports cookies, AutoDetect uses cookies to persist user data; otherwise, an identifier is used in the query string. If the browser or device supports cookies, but cookies are currently disabled, cookies are still used by the requesting feature.
Notice the query string part! Now if it were indeed added to the URL like &sessionId=yoursessionidhere it’s all fine but actually what I get are URLs like this: http://yourserver/folder/(session ID here)/default.aspx.
So my question is: How would I configure ASP.NET to use the querystring (as it claims) instead of this URL defacing method?
UPDATE:
I’m adding the config value we use in our web.config:
<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="AutoDetect" timeout="20" />
Reading this resource here http://forums.asp.net/t/1480365.aspx/1 do you have the cookieless=”UseUri” setting in the web.config – try deleting that from what I gather it may help! Do let me know!
Additionally it would probably be worth posting your config block in the question.
Ive done some more digging and found this post which covers the request handling in the source code for MVC – using the session id in the URL for routing looks to be baked in pretty deep – see the excepted answer code blocks Possible Bug With ASP.NET MVC 3 Routing?
I’ll keep looking for you but this one has me stumped! I think you need to get this question in front of someone like Hanselmann, Haack or Skeet.