[Mono-bugs] [Bug 75956][Nor] Changed - [PATCH] ASPSESSION cookie path incorrect

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Sep 14 12:39:36 EDT 2005


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by bugzilla at patearl.net.

http://bugzilla.ximian.com/show_bug.cgi?id=75956

--- shadow/75956	2005-09-12 17:57:24.000000000 -0400
+++ shadow/75956.tmp.28856	2005-09-14 12:39:36.000000000 -0400
@@ -244,6 +244,27 @@
 
     SessionStateServerHandler.cs
     SessionSQLServerHandler.cs
 
 I can't test the changes to those files easily, though if requested I
 could investigate the possibility of making the changes and testing them.
+
+------- Additional Comments From bugzilla at patearl.net  2005-09-14 12:39 -------
+I wrote another quick hack to deal with the state server management. 
+Basically, whenever state_server is accessed with an id, I added
+context.Request.ApplicationPath to the end of the id.  This made the
+id application-specific and worked as I expected.  I can provide that
+particular patch if requested.
+
+For the sql code, a bit more work is required.  The id field is 32
+bytes in the ms system.  I assume we'd like to leave it the same
+width.  The way MS works is that they use 24 bytes for the cookie and
+then append 8 bytes that represent a 32-bit application ID.  The
+application ID is stored in a separate table with an identifier for
+the application.  Here's an example of the table contents:
+     /lm/w3svc/1/root/apps       1613778700
+     /lm/w3svc/1/root/apps/app2  1670166672
+
+Somebody needs to figure out what constitutes an application (for
+example, a separate instance of xsp running on a different port would
+likely be a different application).  Perhaps the URL of the
+application root would be good for application identification.


More information about the mono-bugs mailing list