Interesting observation on Sessions
A web application loses its SessionModule in the following case:
In the sub-folder - Admin, the web application has a web.config like the below:
When the user moves to Admin folder, and comes back to the main application, access to Session object in the runtime throws HttpException!
- Web application runs on IIS 7 in integrated pipeline mode
- Web application has few folders that are authorized by forms authentication
- The remaining Web application has access to unauthenticated users
- The user moves from the free-for-all zone to authenticated zone and moves back to the free-for-all zone.
- In this case, the web application does not have access to Session module. Any run-time access to Session object will throw a HttpException. The code if (Session != null) will create exception.
<authentication mode="Forms"><forms loginUrl="~/Admin/Login.aspx" defaultUrl="~/Admin/Login.aspx" timeout="30" slidingExpiration="true"><credentials passwordFormat="Clear"></credentials></forms></authentication><authorization><allow users="?" /></authorization>
In the sub-folder - Admin, the web application has a web.config like the below:
<authorization><deny users="?" verbs="*" /></authorization>
When the user moves to Admin folder, and comes back to the main application, access to Session object in the runtime throws HttpException!
Posted by Vijay on 29-Oct-2010 04:26 PM
Category : ASP.NET
Category : ASP.NET
This issue is resolved by making an adjustment in the web.config. Check the next post for resolution!