[Mono-list] Cross-Browser Session Mixing

A Rafael D Teixeira rafael.teixeirabr at terra.com.br
Mon Jul 11 10:57:34 EDT 2005


Hi,

You can still keep session variables without the same browser conflict.
Just configure session state to not use cookies. It will remain the
same, but will mangle the URL to keep the key there. It becomes
something like:

http://localhost/WebApplication1/(uwvgovu0hljrmdqcl1aajf2f)/WebForm1.aspx

In practical terms all you need to do is to change your web.config,
setting cookieless to "true" in /configuration/system.web/sessionState.

Details about this entry of the configuration file:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfsessionstatesection.asp

Cookieless session state works nicely with mono/xsp/mod_mono, as far as
I have tested.

Pitfall
-------
One of the problems in the MS implementation is reported at:

http://support.microsoft.com/?kbid=828330

This will probably also manifest in xsp/mod_mono on Linux, as even more
things are case-sensitive there; just ensure your URLs are kept
consistent case-wise.

Enjoy,


On Mon, 2005-07-11 at 08:39 -0400, David P. Donahue wrote:
> > So what do you do without sessions?  Bundle all required data inside
> > each page, either in the URL (yuck) or as a set of hidden form
> > variables:
> > 
> > 	<input type="hidden" name="Foo" value="Bar"/>
> > 
> 
> I came across that same idea back when I began developing websites with 
> .NET, but it's not feasible for me from a security standpoint.  Many of 
> these values I don't want the user to be able to change before posting 
> back to the server, or even see in some cases.  For my needs, the 
> information exchange for which I use Session variables must happen 
> entirely server-side.
> 
> 
> Regards,
> David P. Donahue
> ddonahue at ccs.neu.edu
> http://www.cyber0ne.com
> 
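
A link check for the casing pitfall described in the message, as an added example that is not part of the original post or of Mono: it strips the cookieless session segment and reports paths that appear with more than one casing. The segment shape is taken from the sample URL, the ID alphabet is an assumption, and the sample links are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Cookieless session key as it appears in the message's sample URL: one
# parenthesised path segment. The exact ID alphabet is an assumption.
SESSION_SEGMENT = re.compile(r"^\(([A-Za-z0-9]+)\)$")

def split_session(url):
    """Return (path_without_session_segment, session_id or None)."""
    kept, session_id = [], None
    for seg in urlsplit(url).path.split("/"):
        m = SESSION_SEGMENT.match(seg)
        if m and session_id is None:
            session_id = m.group(1)
        else:
            kept.append(seg)
    return "/".join(kept), session_id

def case_variants(urls):
    """Map each case-folded path to its spellings, keeping only paths
    that were written with more than one casing."""
    spellings = defaultdict(set)
    for url in urls:
        path, _ = split_session(url)
        spellings[path.lower()].add(path)
    return {k: sorted(v) for k, v in spellings.items() if len(v) > 1}

# Constructed sample links (the first is the URL from the message).
SAMPLE_LINKS = [
    "http://localhost/WebApplication1/(uwvgovu0hljrmdqcl1aajf2f)/WebForm1.aspx",
    "http://localhost/webapplication1/(uwvgovu0hljrmdqcl1aajf2f)/WebForm1.aspx",
    "http://localhost/WebApplication1/(uwvgovu0hljrmdqcl1aajf2f)/Report.aspx",
    "http://localhost/WebApplication1/WebForm1.aspx",
]

if __name__ == "__main__":
    for folded, variants in case_variants(SAMPLE_LINKS).items():
        print(f"inconsistent casing for {folded}: {variants}")
```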


