Solved

ASP.NET - Change session cookie name from asp.net_sessionid

Posted on 2004-03-31
7
4,452 Views
Last Modified: 2009-11-06
Hi,

I want to use the built in session management of ASP.NET, BUT I want the cookie name to be changed from asp.net_sessionid to something of my choosing.

Is there a way in the framework configuration or ASP.NET code that I can force the name of the session cookie from "asp.net_sessionid" to some other name?

Can it be done?

Thanks,

Mike
0
Comment
Question by:mchallis
  • 3
  • 2
7 Comments
 
LVL 12

Expert Comment

by:dfiala13
Comment Utility
No.  That is what it is named.  It is created by the SessionStateModule. If you could override this module then you could potentially rename it, but the class cannot be inherited.

You can, of course write your own class to based on IHttpModule to do your own session management and name your cookie anything you want, but that means you don't get to use the built-in session state features.
0
 

Author Comment

by:mchallis
Comment Utility
Could I implement my own HttpModule / pipeline that renames my cookie to asp.net_sessionid on the way in and rename asp.net_sessionid the way out so that the browser deals with my cookie name but the framework sees the original name?

If this can be done, does anyone have any examples?
0
 
LVL 12

Expert Comment

by:dfiala13
Comment Utility
You could potentially could, but one wonders why you would go through the trouble to rename a cookie.
0
 

Author Comment

by:mchallis
Comment Utility
True, but humour me.

It is to do with an existing infrastructure (web load balancers, proxies and a web farm) that uses the session cookie to give "sticky" sessions.  But the session cookie it looks for has to be of a predined name (pre ASP.NET).

Therefore if I can rename the ASP.NET cookie, the users session gets tied to one web server and proxy, otherwise it bounces around on each request.

Cheers,


Mike
0
 
LVL 12

Accepted Solution

by:
dfiala13 earned 500 total points
Comment Utility
Ah, I see.
Why rename the cookie, why not just create a cookie in an HttpModule with the proper name and set its value to the value in the ASP.NET approved session cookie.

Here's a little background on how Session IDs work in ASP.NET (don't mind the ad and the classic ASP stuff)

http://builder.com.com/5100-6373-1044890.html

Here's a link to MS's example custom HttpModule,  which actually should get you close .  Instead of returning a message in Application_EndRequest  simply add on your cookie to the Response.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconcustomhttpmodules.asp
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now