• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5009
  • Last Modified:

ASP.NET - Change session cookie name from asp.net_sessionid

Hi,

I want to use the built in session management of ASP.NET, BUT I want the cookie name to be changed from asp.net_sessionid to something of my choosing.

Is there a way in the framework configuration or ASP.NET code that I can force the name of the session cookie from "asp.net_sessionid" to some other name?

Can it be done?

Thanks,

Mike
0
mchallis
Asked:
mchallis
  • 3
  • 2
1 Solution
 
dfiala13Commented:
No.  That is what it is named.  It is created by the SessionStateModule. If you could override this module then you could potentially rename it, but the class cannot be inherited.

You can, of course write your own class to based on IHttpModule to do your own session management and name your cookie anything you want, but that means you don't get to use the built-in session state features.
0
 
mchallisAuthor Commented:
Could I implement my own HttpModule / pipeline that renames my cookie to asp.net_sessionid on the way in and rename asp.net_sessionid the way out so that the browser deals with my cookie name but the framework sees the original name?

If this can be done, does anyone have any examples?
0
 
dfiala13Commented:
You could potentially could, but one wonders why you would go through the trouble to rename a cookie.
0
 
mchallisAuthor Commented:
True, but humour me.

It is to do with an existing infrastructure (web load balancers, proxies and a web farm) that uses the session cookie to give "sticky" sessions.  But the session cookie it looks for has to be of a predined name (pre ASP.NET).

Therefore if I can rename the ASP.NET cookie, the users session gets tied to one web server and proxy, otherwise it bounces around on each request.

Cheers,


Mike
0
 
dfiala13Commented:
Ah, I see.
Why rename the cookie, why not just create a cookie in an HttpModule with the proper name and set its value to the value in the ASP.NET approved session cookie.

Here's a little background on how Session IDs work in ASP.NET (don't mind the ad and the classic ASP stuff)

http://builder.com.com/5100-6373-1044890.html

Here's a link to MS's example custom HttpModule,  which actually should get you close .  Instead of returning a message in Application_EndRequest  simply add on your cookie to the Response.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconcustomhttpmodules.asp
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now