ASP.Net_SessionId not copied over from request

LSamuel · March 15, 2023, 12:03am

Hi,

We are using ServiceStack over ASP.Net and have been noticing that that the ASP.Net_SessionId cookie is generated on session start and exists in the request (IRequest) cookies collection. However, this is missing from the request.OriginalRequest (HttpRequestWrapper) and the request.Response.OriginalResponse cookies collection and is not returned back in the reponse. Only the ssid, sspid and the forms authentication cookies added later appears here. Is there anything we need to be doing in code explicitly to include the ASP.Net_SessionId cookie being sent back in the response?

Thanks,
Leeny

layoric · March 15, 2023, 12:37am

Hi @LSamuel, could you confirm which version of ServiceStack you are running and any details of how you are hosting it or the AppHost configuration? By “over ASP.Net” can you confirm which version of dotnet you are using?

ServiceStack doesn’t use the ASP.NET Session or cookies, is this something you are using else where in your application? Any details of your use case would also help us give you more useful answers. Cheers.

LSamuel · March 15, 2023, 12:45am

@layoric, Thanks for the quick reponse. Here are some additional details:

We are using Service Stack v5.1.0 with .Net Framework version 4.6.1. The API has been published to Azure.
The forms authentication cookie (ASPXAUTH) and ASP.Net Session Id is being used for the code with some of the common legacy code.
in global.asax, when the session starts, we can see that the HttpContext request object has the ASP.netSession Id cookie and so does the IRequest object when we put a breakpoint in the global request filter. However, somewhere down the line, ones the ssid/ sspid cookies + the forms authentication cookies are added, the ASP.Net session cookie is not found in the HttpContext request object, but I can still see it in the IRequest object cookie collection in the global request/ response filters.

Also, we are using a custom HttpHandler defined in web.config to work with ASP.Net http Sessions.

Any assistance would be appreciated.

Thanks,
Leeny

layoric · March 15, 2023, 12:51am

Thanks for the additional context. If possible, could you upgrade to the latest version of ServiceStack (it will require .NET 4.7.2 as well) to test if this behavior is still present?

Without a reproduction it will be a lot of guess work to try to pin point what might be causing the issue, especially in an older setup with mixture of tech.

LSamuel · March 16, 2023, 2:52am

Thanks @layoric. I have put in a temporary fix to get past the issue for now. I will try and replicate this issue once i have a chance.