Professional Web Applications Themes

Cookieless session problems - ASP.NET General

Hello, we are having problems displaying non-aspx files (images, style sheets) since we have upgraded to the 1.1 framework when using a cookieless session (sessionID in the url). Check out our file system set up below. Now, in an aspx page, we set as the "src" of our images something like "../images/animage.jpg". If the current actual url in the browser is something like [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url] then the url of the image could be interpreted as something like [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url] (I think). (In the rendered html, of course, the image tag looks like: <img src="../images/animage.jpg">.) In the old framework, this way of specifying ...

  1. #1

    Default Cookieless session problems

    Hello,

    we are having problems displaying non-aspx files (images, style
    sheets) since we have upgraded to the 1.1 framework when using a
    cookieless session (sessionID in the url).

    Check out our file system set up below. Now, in an aspx page, we set
    as the "src" of our images something like "../images/animage.jpg". If
    the current actual url in the browser is something like
    [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
    then the url of the image could be interpreted as something like
    [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]
    (I think). (In the rendered html, of course, the image tag looks
    like: <img src="../images/animage.jpg">.)

    In the old framework, this way of specifying the image src url (ie.
    relative url) with cookieless sessions worked. However, in the new
    framework (1.1), it does not work. In testing, though, if we manually
    type the following url in the browser, the image is correctly
    retrieved:
    [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]

    It seems that ASP/IIS takes the session ID in the url as a real part
    of the path.

    The above solution (adding another set of "../" if the
    Session.IsCookieless=false) to all url's for images, stylesheets,
    javascript files, etc is a possible workaround, but we think it's
    ugly. (Alternatives would be greatly appreciated.)

    So we are stumped. Frankly, we are surprised that more people have
    not brought this issue to the newsgroups' attention.


    --our set-up---
    Virtual Directory : [url]http://server/webapp[/url]
    located at: c:\inetpub\wwwroot\webapp
    and images at: c:\inetpub\wwwroot\webapp\images
    aspx forms at: c:\inetpub\wwwroot\webapp\forms


    Scott
    Jerome


    Scott Guest

  2. #2

    Default Re: Cookieless session problems

    Hi Cowboy,

    We use your method #2 to link to images (stylesheets, javascript
    files, etc). Let me see if I can explain this in a better way.

    If we store the session in a cookie, things would look like this:
    current page url : [url]http://server/virtual/forms/form1.aspx[/url]
    which could have an image tag with src="../images/image.gif"
    which would mean that the _absolute_ url of the image that the browser
    will use to get it is something like:
    [url]http://server/virtual/forms/../images/image.gif[/url]

    If we store the session id in the url (cookieless), then things turn
    into this:
    current page url :
    [url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/form1.aspx[/url]
    with an image tag src="../images/image.gif"
    which leads to an "absolute" url for the browser of:
    [url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/../images/image.gif[/url]


    This is the problem (I think): When we use a relative url for
    non-aspx pages, IIS does not give "control" to the aspnet process, so
    the session id is not stripped out of the url, which means that IIS
    thinks (if it does) that the session id is just another directory of
    the url. I do use the "engine" in some other applications, notably
    where the images are coming from a db and such, but it would be nice
    if i did not have to do the same things for style sheets (etc).

    I also think it is strange that we only noticed this problem after
    installing the 1.1 Framework.

    Thanks,
    Scott

    "Cowboy (Gregory A. Beamer)" <NoSpamMgbworldcomcast.netRemuvThis>
    wrote in message news:uNm9X%23qUDHA.1276TK2MSFTNGP09.phx.gbl...
    > Images do not require session. As such, you would generally ignore
    the
    > session with images. In most apps, you drive images in one of three
    ways:
    >
    > 1. Direct access [url]http://mysite.com/image.gif[/url]
    > 2. Through relative URLs in the page
    > 3. Through an image engine [url]http://mysite.com/image.aspx?id=283490856[/url]
    >
    > When using cookieless sessions, direct access becomes a bit more of
    a pain,
    > but .NET can handle it for you ... without the traverse, that is. If
    the
    > traverse is necessary, you may need to create an image serving page
    (engine)
    > and let it pull the image from the file sys.
    >
    > --
    > Gregory A. Beamer
    > MVP; MCP: +I, SE, SD, DBA
    > Author: ADO.NET and XML: ASP.NET on the Edge
    >
    >
    ************************************************** ********************
    ******
    > ****
    > Think Outside the Box!
    >
    ************************************************** ********************
    ******
    > ****
    > "Scott" <scooncethegapJUNKcompany.com> wrote in message
    > news:%23NqjBToUDHA.2184TK2MSFTNGP10.phx.gbl...
    > > Hello,
    > >
    > > we are having problems displaying non-aspx files (images, style
    > > sheets) since we have upgraded to the 1.1 framework when using a
    > > cookieless session (sessionID in the url).
    > >
    > > Check out our file system set up below. Now, in an aspx page, we
    set
    > > as the "src" of our images something like "../images/animage.jpg".
    If
    > > the current actual url in the browser is something like
    > > [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
    > > then the url of the image could be interpreted as something like
    > >
    >
    [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]
    > > (I think). (In the rendered html, of course, the image tag looks
    > > like: <img src="../images/animage.jpg">.)
    > >
    > > In the old framework, this way of specifying the image src url
    (ie.
    > > relative url) with cookieless sessions worked. However, in the
    new
    > > framework (1.1), it does not work. In testing, though, if we
    manually
    > > type the following url in the browser, the image is correctly
    > > retrieved:
    > >
    >
    [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]
    > >
    > > It seems that ASP/IIS takes the session ID in the url as a real
    part
    > > of the path.
    > >
    > > The above solution (adding another set of "../" if the
    > > Session.IsCookieless=false) to all url's for images, stylesheets,
    > > javascript files, etc is a possible workaround, but we think it's
    > > ugly. (Alternatives would be greatly appreciated.)
    > >
    > > So we are stumped. Frankly, we are surprised that more people
    have
    > > not brought this issue to the newsgroups' attention.
    > >
    > >
    > > --our set-up---
    > > Virtual Directory : [url]http://server/webapp[/url]
    > > located at: c:\inetpub\wwwroot\webapp
    > > and images at: c:\inetpub\wwwroot\webapp\images
    > > aspx forms at: c:\inetpub\wwwroot\webapp\forms
    > >
    > >
    > > Scott
    > > Jerome
    > >
    > >
    >
    >

    Scott Guest

  3. #3

    Default Re: Cookieless session problems

    problems displaying images, style sheets using cookieless session
    (sessionID in the url) - cookieless session broken images.

    Finally... I found the answer! at least in my case.
    Hope this helps!
    Check your isapi filters in iis. Make sure ASP.net is included and
    running. Here's how.

    open internet services manager
    right clik on the server node and choose properties
    master properties <edit>
    (tab) isapi flters
    look for an entry "ASP.NET_x.xx.x.x.x"
    if it is not there, this is your problem!

    <add> ASP.Net
    C:\WINNT\Microsoft.NET\Framework\v1.0.3705\aspnet_ filter.dll

    the above value is for 1.0.3705
    you should use whichever version you are running.
    restart iis

    "Scott" <scooncethegapJUNKcompany.com> wrote in message news:<#NqjBToUDHA.2184TK2MSFTNGP10.phx.gbl>...
    > Hello,
    >
    > we are having problems displaying non-aspx files (images, style
    > sheets) since we have upgraded to the 1.1 framework when using a
    > cookieless session (sessionID in the url).
    >
    > Check out our file system set up below. Now, in an aspx page, we set
    > as the "src" of our images something like "../images/animage.jpg". If
    > the current actual url in the browser is something like
    > [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
    > then the url of the image could be interpreted as something like
    > [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]
    > (I think). (In the rendered html, of course, the image tag looks
    > like: <img src="../images/animage.jpg">.)
    >
    > In the old framework, this way of specifying the image src url (ie.
    > relative url) with cookieless sessions worked. However, in the new
    > framework (1.1), it does not work. In testing, though, if we manually
    > type the following url in the browser, the image is correctly
    > retrieved:
    > [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]
    >
    > It seems that ASP/IIS takes the session ID in the url as a real part
    > of the path.
    >
    > The above solution (adding another set of "../" if the
    > Session.IsCookieless=false) to all url's for images, stylesheets,
    > javascript files, etc is a possible workaround, but we think it's
    > ugly. (Alternatives would be greatly appreciated.)
    >
    > So we are stumped. Frankly, we are surprised that more people have
    > not brought this issue to the newsgroups' attention.
    >
    >
    > --our set-up---
    > Virtual Directory : [url]http://server/webapp[/url]
    > located at: c:\inetpub\wwwroot\webapp
    > and images at: c:\inetpub\wwwroot\webapp\images
    > aspx forms at: c:\inetpub\wwwroot\webapp\forms
    >
    >
    > Scott
    > Jerome
    levous Guest

  4. #4

    Default Re: Cookieless session problems

    We haven't been able to try it yet to see if this was our problem (IIS
    filter was empty though).

    Thank you, levous, for your solution. Been looking for something like
    this for a long time; thanks.

    Scott

    "levous" <rz> wrote in message
    news:81ae55e.0308040631.2e8012aeposting.google.co m...
    > problems displaying images, style sheets using cookieless session
    > (sessionID in the url) - cookieless session broken images.
    >
    > Finally... I found the answer! at least in my case.
    > Hope this helps!
    > Check your isapi filters in iis. Make sure ASP.net is included and
    > running. Here's how.
    >
    > open internet services manager
    > right clik on the server node and choose properties
    > master properties <edit>
    > (tab) isapi flters
    > look for an entry "ASP.NET_x.xx.x.x.x"
    > if it is not there, this is your problem!
    >
    > <add> ASP.Net
    > C:\WINNT\Microsoft.NET\Framework\v1.0.3705\aspnet_ filter.dll
    >
    > the above value is for 1.0.3705
    > you should use whichever version you are running.
    > restart iis
    >
    >
    >
    > "Scott" <scooncethegapJUNKcompany.com> wrote in message
    news:<eCbeBlZVDHA.2268TK2MSFTNGP11.phx.gbl>...
    > > Hi Cowboy,
    > >
    > > We use your method #2 to link to images (stylesheets, javascript
    > > files, etc). Let me see if I can explain this in a better way.
    > >
    > > If we store the session in a cookie, things would look like this:
    > > current page url : [url]http://server/virtual/forms/form1.aspx[/url]
    > > which could have an image tag with src="../images/image.gif"
    > > which would mean that the _absolute_ url of the image that the
    browser
    > > will use to get it is something like:
    > > [url]http://server/virtual/forms/../images/image.gif[/url]
    > >
    > > If we store the session id in the url (cookieless), then things
    turn
    > > into this:
    > > current page url :
    > > [url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/form1.aspx[/url]
    > > with an image tag src="../images/image.gif"
    > > which leads to an "absolute" url for the browser of:
    > >
    [url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/../images/image.gif[/url]
    > >
    > >
    > > This is the problem (I think): When we use a relative url for
    > > non-aspx pages, IIS does not give "control" to the aspnet process,
    so
    > > the session id is not stripped out of the url, which means that
    IIS
    > > thinks (if it does) that the session id is just another directory
    of
    > > the url. I do use the "engine" in some other applications,
    notably
    > > where the images are coming from a db and such, but it would be
    nice
    > > if i did not have to do the same things for style sheets (etc).
    > >
    > > I also think it is strange that we only noticed this problem after
    > > installing the 1.1 Framework.
    > >
    > > Thanks,
    > > Scott
    > >
    > > "Cowboy (Gregory A. Beamer)" <NoSpamMgbworldcomcast.netRemuvThis>
    > > wrote in message news:uNm9X%23qUDHA.1276TK2MSFTNGP09.phx.gbl...
    > > > Images do not require session. As such, you would generally
    ignore
    > > the
    > > > session with images. In most apps, you drive images in one of
    three
    > > ways:
    > > >
    > > > 1. Direct access [url]http://mysite.com/image.gif[/url]
    > > > 2. Through relative URLs in the page
    > > > 3. Through an image engine
    [url]http://mysite.com/image.aspx?id=283490856[/url]
    > > >
    > > > When using cookieless sessions, direct access becomes a bit more
    of
    > > a pain,
    > > > but .NET can handle it for you ... without the traverse, that
    is. If
    > > the
    > > > traverse is necessary, you may need to create an image serving
    page
    > > (engine)
    > > > and let it pull the image from the file sys.
    > > >
    > > > --
    > > > Gregory A. Beamer
    > > > MVP; MCP: +I, SE, SD, DBA
    > > > Author: ADO.NET and XML: ASP.NET on the Edge
    > > >
    > > >
    > >
    ************************************************** ********************
    > > ******
    > > > ****
    > > > Think Outside the Box!
    > > >
    > >
    ************************************************** ********************
    > > ******
    > > > ****
    > > > "Scott" <scooncethegapJUNKcompany.com> wrote in message
    > > > news:%23NqjBToUDHA.2184TK2MSFTNGP10.phx.gbl...
    > > > > Hello,
    > > > >
    > > > > we are having problems displaying non-aspx files (images,
    style
    > > > > sheets) since we have upgraded to the 1.1 framework when using
    a
    > > > > cookieless session (sessionID in the url).
    > > > >
    > > > > Check out our file system set up below. Now, in an aspx page,
    we
    > > set
    > > > > as the "src" of our images something like
    "../images/animage.jpg".
    > > If
    > > > > the current actual url in the browser is something like
    > > > > [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
    > > > > then the url of the image could be interpreted as something
    like
    > > > >
    > > >
    > >
    [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]
    > > > > (I think). (In the rendered html, of course, the image tag
    looks
    > > > > like: <img src="../images/animage.jpg">.)
    > > > >
    > > > > In the old framework, this way of specifying the image src url
    > > (ie.
    > > > > relative url) with cookieless sessions worked. However, in
    the
    > > new
    > > > > framework (1.1), it does not work. In testing, though, if we
    > > manually
    > > > > type the following url in the browser, the image is correctly
    > > > > retrieved:
    > > > >
    > > >
    > >
    [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]
    > > > >
    > > > > It seems that ASP/IIS takes the session ID in the url as a
    real
    > > part
    > > > > of the path.
    > > > >
    > > > > The above solution (adding another set of "../" if the
    > > > > Session.IsCookieless=false) to all url's for images,
    stylesheets,
    > > > > javascript files, etc is a possible workaround, but we think
    it's
    > > > > ugly. (Alternatives would be greatly appreciated.)
    > > > >
    > > > > So we are stumped. Frankly, we are surprised that more people
    > > have
    > > > > not brought this issue to the newsgroups' attention.
    > > > >
    > > > >
    > > > > --our set-up---
    > > > > Virtual Directory : [url]http://server/webapp[/url]
    > > > > located at: c:\inetpub\wwwroot\webapp
    > > > > and images at: c:\inetpub\wwwroot\webapp\images
    > > > > aspx forms at: c:\inetpub\wwwroot\webapp\forms
    > > > >
    > > > >
    > > > > Scott
    > > > > Jerome
    > > > >
    > > > >
    > > >
    > > >

    Scott Guest

Similar Threads

  1. Cookieless Session and Web Service Problem
    By localhost in forum ASP.NET Web Services
    Replies: 5
    Last Post: March 10th, 09:05 PM
  2. Session, SES, and SSL - Major session problems
    By revdave in forum Coldfusion - Advanced Techniques
    Replies: 0
    Last Post: April 23rd, 05:50 PM
  3. cookieless session? Who has it working?
    By Tom Pester in forum ASP.NET Security
    Replies: 0
    Last Post: February 22nd, 08:40 PM
  4. Cookieless Sessions...
    By JV in forum ASP.NET General
    Replies: 2
    Last Post: August 4th, 02:36 PM
  5. Cookieless Session and SearchEngines (Google, etc.)
    By Jan Wurl in forum ASP.NET General
    Replies: 0
    Last Post: July 4th, 05:44 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139