Cookieless session problems

[Scott]

Hello,

we are having problems displaying non-aspx files (images, style
sheets) since we have upgraded to the 1.1 framework when using a
cookieless session (sessionID in the url).

Check out our file system set up below. Now, in an aspx page, we set
as the "src" of our images something like "../images/animage.jpg". If
the current actual url in the browser is something like
[url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
then the url of the image could be interpreted as something like
[url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]
(I think). (In the rendered html, of course, the image tag looks
like: <img src="../images/animage.jpg">.)

In the old framework, this way of specifying the image src url (ie.
relative url) with cookieless sessions worked. However, in the new
framework (1.1), it does not work. In testing, though, if we manually
type the following url in the browser, the image is correctly
retrieved:
[url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]

It seems that ASP/IIS takes the session ID in the url as a real part
of the path.

The above solution (adding another set of "../" if the
Session.IsCookieless=false) to all url's for images, stylesheets,
javascript files, etc is a possible workaround, but we think it's
ugly. (Alternatives would be greatly appreciated.)

So we are stumped. Frankly, we are surprised that more people have
not brought this issue to the newsgroups' attention.


--our set-up---
Virtual Directory : [url]http://server/webapp[/url]
located at: c:\inetpub\wwwroot\webapp
and images at: c:\inetpub\wwwroot\webapp\images
aspx forms at: c:\inetpub\wwwroot\webapp\forms


Scott
Jerome

[Scott]

Hi Cowboy,

We use your method #2 to link to images (stylesheets, javascript
files, etc). Let me see if I can explain this in a better way.

If we store the session in a cookie, things would look like this:
current page url : [url]http://server/virtual/forms/form1.aspx[/url]
which could have an image tag with src="../images/image.gif"
which would mean that the _absolute_ url of the image that the browser
will use to get it is something like:
[url]http://server/virtual/forms/../images/image.gif[/url]

If we store the session id in the url (cookieless), then things turn
into this:
current page url :
[url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/form1.aspx[/url]
with an image tag src="../images/image.gif"
which leads to an "absolute" url for the browser of:
[url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/../images/image.gif[/url]


This is the problem (I think): When we use a relative url for
non-aspx pages, IIS does not give "control" to the aspnet process, so
the session id is not stripped out of the url, which means that IIS
thinks (if it does) that the session id is just another directory of
the url. I do use the "engine" in some other applications, notably
where the images are coming from a db and such, but it would be nice
if i did not have to do the same things for style sheets (etc).

I also think it is strange that we only noticed this problem after
installing the 1.1 Framework.

Thanks,
Scott

"Cowboy (Gregory A. Beamer)" <NoSpamMgbworld@comcast.netRemuvThis>
wrote in message news:uNm9X%23qUDHA.1276@TK2MSFTNGP09.phx.gbl...

> Images do not require session. As such, you would generally ignore

the

> session with images. In most apps, you drive images in one of three

ways:

>
> 1. Direct access [url]http://mysite.com/image.gif[/url]
> 2. Through relative URLs in the page
> 3. Through an image engine [url]http://mysite.com/image.aspx?id=283490856[/url]
>
> When using cookieless sessions, direct access becomes a bit more of

a pain,

> but .NET can handle it for you ... without the traverse, that is. If

the

> traverse is necessary, you may need to create an image serving page

(engine)

> and let it pull the image from the file sys.
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
> Author: ADO.NET and XML: ASP.NET on the Edge
>
>

************************************************** ********************
******

> ****
> Think Outside the Box!
>

************************************************** ********************
******

> ****
> "Scott" <scoonce@thegapJUNKcompany.com> wrote in message
> news:%23NqjBToUDHA.2184@TK2MSFTNGP10.phx.gbl...

> > Hello,
> >
> > we are having problems displaying non-aspx files (images, style
> > sheets) since we have upgraded to the 1.1 framework when using a
> > cookieless session (sessionID in the url).
> >
> > Check out our file system set up below. Now, in an aspx page, we

set

> > as the "src" of our images something like "../images/animage.jpg".

If

> > the current actual url in the browser is something like
> > [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
> > then the url of the image could be interpreted as something like
> >

>

[url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]

> > (I think). (In the rendered html, of course, the image tag looks
> > like: <img src="../images/animage.jpg">.)
> >
> > In the old framework, this way of specifying the image src url

(ie.

> > relative url) with cookieless sessions worked. However, in the

new

> > framework (1.1), it does not work. In testing, though, if we

manually

> > type the following url in the browser, the image is correctly
> > retrieved:
> >

>

[url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]

> >
> > It seems that ASP/IIS takes the session ID in the url as a real

part

> > of the path.
> >
> > The above solution (adding another set of "../" if the
> > Session.IsCookieless=false) to all url's for images, stylesheets,
> > javascript files, etc is a possible workaround, but we think it's
> > ugly. (Alternatives would be greatly appreciated.)
> >
> > So we are stumped. Frankly, we are surprised that more people

have

> > not brought this issue to the newsgroups' attention.
> >
> >
> > --our set-up---
> > Virtual Directory : [url]http://server/webapp[/url]
> > located at: c:\inetpub\wwwroot\webapp
> > and images at: c:\inetpub\wwwroot\webapp\images
> > aspx forms at: c:\inetpub\wwwroot\webapp\forms
> >
> >
> > Scott
> > Jerome
> >
> >

>
>

[levous]

problems displaying images, style sheets using cookieless session
(sessionID in the url) - cookieless session broken images.

Finally... I found the answer! at least in my case.
Hope this helps!
Check your isapi filters in iis. Make sure ASP.net is included and
running. Here's how.

open internet services manager
right clik on the server node and choose properties
master properties <edit>
(tab) isapi flters
look for an entry "ASP.NET_x.xx.x.x.x"
if it is not there, this is your problem!

<add> ASP.Net
C:\WINNT\Microsoft.NET\Framework\v1.0.3705\aspnet_ filter.dll

the above value is for 1.0.3705
you should use whichever version you are running.
restart iis

"Scott" <scoonce@thegapJUNKcompany.com> wrote in message news:<#NqjBToUDHA.2184@TK2MSFTNGP10.phx.gbl>...

> Hello,
>
> we are having problems displaying non-aspx files (images, style
> sheets) since we have upgraded to the 1.1 framework when using a
> cookieless session (sessionID in the url).
>
> Check out our file system set up below. Now, in an aspx page, we set
> as the "src" of our images something like "../images/animage.jpg". If
> the current actual url in the browser is something like
> [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
> then the url of the image could be interpreted as something like
> [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]
> (I think). (In the rendered html, of course, the image tag looks
> like: <img src="../images/animage.jpg">.)
>
> In the old framework, this way of specifying the image src url (ie.
> relative url) with cookieless sessions worked. However, in the new
> framework (1.1), it does not work. In testing, though, if we manually
> type the following url in the browser, the image is correctly
> retrieved:
> [url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]
>
> It seems that ASP/IIS takes the session ID in the url as a real part
> of the path.
>
> The above solution (adding another set of "../" if the
> Session.IsCookieless=false) to all url's for images, stylesheets,
> javascript files, etc is a possible workaround, but we think it's
> ugly. (Alternatives would be greatly appreciated.)
>
> So we are stumped. Frankly, we are surprised that more people have
> not brought this issue to the newsgroups' attention.
>
>
> --our set-up---
> Virtual Directory : [url]http://server/webapp[/url]
> located at: c:\inetpub\wwwroot\webapp
> and images at: c:\inetpub\wwwroot\webapp\images
> aspx forms at: c:\inetpub\wwwroot\webapp\forms
>
>
> Scott
> Jerome

[Scott]

We haven't been able to try it yet to see if this was our problem (IIS
filter was empty though).

Thank you, levous, for your solution. Been looking for something like
this for a long time; thanks.

Scott

"levous" <rzarse@yahoo.com> wrote in message
news:81ae55e.0308040631.2e8012ae@posting.google.co m...

> problems displaying images, style sheets using cookieless session
> (sessionID in the url) - cookieless session broken images.
>
> Finally... I found the answer! at least in my case.
> Hope this helps!
> Check your isapi filters in iis. Make sure ASP.net is included and
> running. Here's how.
>
> open internet services manager
> right clik on the server node and choose properties
> master properties <edit>
> (tab) isapi flters
> look for an entry "ASP.NET_x.xx.x.x.x"
> if it is not there, this is your problem!
>
> <add> ASP.Net
> C:\WINNT\Microsoft.NET\Framework\v1.0.3705\aspnet_ filter.dll
>
> the above value is for 1.0.3705
> you should use whichever version you are running.
> restart iis
>
>
>
> "Scott" <scoonce@thegapJUNKcompany.com> wrote in message

news:<eCbeBlZVDHA.2268@TK2MSFTNGP11.phx.gbl>...

> > Hi Cowboy,
> >
> > We use your method #2 to link to images (stylesheets, javascript
> > files, etc). Let me see if I can explain this in a better way.
> >
> > If we store the session in a cookie, things would look like this:
> > current page url : [url]http://server/virtual/forms/form1.aspx[/url]
> > which could have an image tag with src="../images/image.gif"
> > which would mean that the _absolute_ url of the image that the

browser

> > will use to get it is something like:
> > [url]http://server/virtual/forms/../images/image.gif[/url]
> >
> > If we store the session id in the url (cookieless), then things

turn

> > into this:
> > current page url :
> > [url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/form1.aspx[/url]
> > with an image tag src="../images/image.gif"
> > which leads to an "absolute" url for the browser of:
> >

[url]http://server/virtual/(1c3ejx25cbrwkin03vb4wsrb)/forms/../images/image.gif[/url]

> >
> >
> > This is the problem (I think): When we use a relative url for
> > non-aspx pages, IIS does not give "control" to the aspnet process,

so

> > the session id is not stripped out of the url, which means that

IIS

> > thinks (if it does) that the session id is just another directory

of

> > the url. I do use the "engine" in some other applications,

notably

> > where the images are coming from a db and such, but it would be

nice

> > if i did not have to do the same things for style sheets (etc).
> >
> > I also think it is strange that we only noticed this problem after
> > installing the 1.1 Framework.
> >
> > Thanks,
> > Scott
> >
> > "Cowboy (Gregory A. Beamer)" <NoSpamMgbworld@comcast.netRemuvThis>
> > wrote in message news:uNm9X%23qUDHA.1276@TK2MSFTNGP09.phx.gbl...

> > > Images do not require session. As such, you would generally

ignore

> > the

> > > session with images. In most apps, you drive images in one of

three

> > ways:

> > >
> > > 1. Direct access [url]http://mysite.com/image.gif[/url]
> > > 2. Through relative URLs in the page
> > > 3. Through an image engine

[url]http://mysite.com/image.aspx?id=283490856[/url]

> > >
> > > When using cookieless sessions, direct access becomes a bit more

of

> > a pain,

> > > but .NET can handle it for you ... without the traverse, that

is. If

> > the

> > > traverse is necessary, you may need to create an image serving

page

> > (engine)

> > > and let it pull the image from the file sys.
> > >
> > > --
> > > Gregory A. Beamer
> > > MVP; MCP: +I, SE, SD, DBA
> > > Author: ADO.NET and XML: ASP.NET on the Edge
> > >
> > >

> >

************************************************** ********************

> > ******

> > > ****
> > > Think Outside the Box!
> > >

> >

************************************************** ********************

> > ******

> > > ****
> > > "Scott" <scoonce@thegapJUNKcompany.com> wrote in message
> > > news:%23NqjBToUDHA.2184@TK2MSFTNGP10.phx.gbl...
> > > > Hello,
> > > >
> > > > we are having problems displaying non-aspx files (images,

style

> > > > sheets) since we have upgraded to the 1.1 framework when using

a

> > > > cookieless session (sessionID in the url).
> > > >
> > > > Check out our file system set up below. Now, in an aspx page,

we

> > set

> > > > as the "src" of our images something like

"../images/animage.jpg".

> > If

> > > > the current actual url in the browser is something like
> > > > [url]http://server/webapp/(someSessionID)/forms/form1.aspx[/url]
> > > > then the url of the image could be interpreted as something

like

> > > >
> > >

> >

[url]http://server/webapp/(someSessionID)/forms/form1.aspx/../images/animage.jpg[/url]

> > > > (I think). (In the rendered html, of course, the image tag

looks

> > > > like: <img src="../images/animage.jpg">.)
> > > >
> > > > In the old framework, this way of specifying the image src url

> > (ie.

> > > > relative url) with cookieless sessions worked. However, in

the

> > new

> > > > framework (1.1), it does not work. In testing, though, if we

> > manually

> > > > type the following url in the browser, the image is correctly
> > > > retrieved:
> > > >
> > >

> >

[url]http://server/webapp/(someSessionID)/forms/form1.aspx/../../images/animage.jpg[/url]

> > > >
> > > > It seems that ASP/IIS takes the session ID in the url as a

real

> > part

> > > > of the path.
> > > >
> > > > The above solution (adding another set of "../" if the
> > > > Session.IsCookieless=false) to all url's for images,

stylesheets,

> > > > javascript files, etc is a possible workaround, but we think

it's

> > > > ugly. (Alternatives would be greatly appreciated.)
> > > >
> > > > So we are stumped. Frankly, we are surprised that more people

> > have

> > > > not brought this issue to the newsgroups' attention.
> > > >
> > > >
> > > > --our set-up---
> > > > Virtual Directory : [url]http://server/webapp[/url]
> > > > located at: c:\inetpub\wwwroot\webapp
> > > > and images at: c:\inetpub\wwwroot\webapp\images
> > > > aspx forms at: c:\inetpub\wwwroot\webapp\forms
> > > >
> > > >
> > > > Scott
> > > > Jerome
> > > >
> > > >
> > >
> > >