Session URL Formatting

Malcolm Klotz · Apr 28, 2005

Hello,

I have a problem with ASP.Net:

I have an ASP.Net application on a web farm, using SQL Server Session
State Management, running on Windows 2000 (IIS 5)
With session management on, a URL like the following is created:
https://mywebapp.com/(ts2t2uivrj3vxg452ah33cvg)/start.aspx
The problem I am having is that at some point within the web application
I have to pass this link to an outside server, which in turn,
will do some work and then post back to my application. However, the
outside application is URL Encoding my URL, which in turn,
causes the URL to look like:
mywebapp.com/(suyvga3bcnzwrljiaxdfud30)/vbvnet.aspx
This cannot be handled by IIS, and induces a "page cannot be displayed
error"; which in effect, causes the application to terminate.

Is there any way that we can trap this error and redirect to the appropriate
location so that the web application does terminate, or is there a way
we can prevent the brackets within this application.

Hope I explained this correctly.

Appreciate any help.

Regards,

Malcolm Klotz

Alvin Bruney [MVP - ASP.NET] · Apr 29, 2005

One approach - not clean - you can catch the IIS error code 404 and then
handle the issue on a redirect page. Sorry, I can't think of anything
cleaner at the moment.

--
Regards,
Alvin Bruney - ASP.NET MVP

[Shameless Author Plug]
The Microsoft Office Web Components Black Book with .NET
Now available @ www.lulu.com/owc, Amazon.com etc

Steven Cheng[MSFT] · Apr 29, 2005

Thanks for Alvin's inputs,

Hi Malcolm,

Since you are using the cookieless Session(embed sessionid in the url
string) in your web app, is there any particular requirement in your
scenario that we must use cookieless session? Is it possbile that we use
cookieenabled session instread?

Also, as for passing the url to a outside server, I think we have the
following means:

1. If we are forced to use cookieless session and with the sessionid
embeded in the url, I suggest that we filter the sessionid when pass the
url out to the remote server. For example:

when giving the following url

https://mywebapp.com/(ts2t2uivrj3vxg452ah33cvg)/start.aspx

we can use substring concating or regex to get the url without embeded
sessionid like:

https://mywebapp.com/start.aspx

this can also work for the remote requster, the only difference is that the
request with non-sessionid url will be unable to retrieve the data in the
SessionState associated with the id. Do you think this means possbile?

2. If we also want to let the remote server be able to retrieve the
sessiondata, I suggest that we still pass the urlstring without embeded
sessionid , but also pass the SessionId string as separate data to that
remote server together with the url string. How do you think of this?

Please feel free to post here if you have any other questions or ideas.
Thanks,

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Malcolm Klotz · Apr 29, 2005

Thank you, you have given me a place to start.

Steven Cheng[MSFT] · Apr 30, 2005

You're welcome Malcolm,

Good luck! :-)

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Session URL Formatting

Malcolm Klotz

Alvin Bruney [MVP - ASP.NET]

Steven Cheng[MSFT]

Malcolm Klotz

Steven Cheng[MSFT]