MVC2 Cookieless Session Issue using POST

For some reason with cookieless session enabled in MVC2, the session id in the query string is reset with every form post that happens. Is there a special route that needs to be setup for this to wor开发者_如何学运维k?

Are there any other gotcha's I need to be aware of?

Thanks.

Cookieless sessions do work in MVC2, however, you cannot use POST as the method for the form submit. It only supports the use of GET. Also, all of the action paths on the forms need to be updated to the following pattern:

<form action="<%= Response.ApplyAppPathModifier("/SomeController/SomeAction") %>" method="get">

That will ensure that the session id is automatically passed along. This is the line needed in the web.config file to enable cookieless sessions:

<system.web>
    <sessionState cookieless="true" regenerateExpiredSessionId="true"></sessionState>
</system.web>

With those two above changes, everything worked!

If you are interested in a workaround for getting POST to work with Cookieless session and MCV2, I found the following page. Enabling POST in Cookieless ASP.NET This wasn't well suited for my project because I am not able to use JavaScript.

Cookieless sessions are not supported in MVC 2 and are unlikely to be supported in future versions of MVC. See http://forums.asp.net/p/1517391/3738312.aspx for more information.

Microsoft Security Bulletin MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

If installed this update, check this KB.

Http.sys registry settings for IIS

Use cookieless session & form authentication auto insert this("/(S(...)F(...))/") Url path segment. Default UrlSegmentMaxLength is 260, but MS10-070 installed environment over this.I think it is a result for padding oracle.

Hope this help!