Session loss after migrating to ASP.NET 2.0

The HttpOnly attribute has been added to the Session cookie generated by ASP.NET 2.0. This value is hardcoded and cannot be changed via a setting in the application. While this is documented as a breaking change in the breaking changes document (linked below), it's not clear the types of symptoms you will see in your application, nor is the fix clearly stated.

void Application_EndRequest(object sender, EventArgs e)
{
     if (Response.Cookies.Count > 0)
     {
          foreach (string s in Response.Cookies.AllKeys)
          {
               if (s == FormsAuthentication.FormsCookieName || s.ToLower() == "asp.net_sessionid")
               {
                    Response.Cookies[s].HttpOnly = false;
               }
          }
     }
}

You could also roll this into a custom HttpModule to apply it across multiple applications if necessary.

Link to breaking changes document:
http://msdn2.microsoft.com/en-us/netframework/aa497240.aspx
http://msdn.microsoft.com/netframework/programming/breakingchanges/runtime/aspnet.aspx

Link to HttpOnly Attribute:
http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx

Link to HttpModule documentation:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconhttpmodules.asp

Special thanks to Shai Zohar for helping isolate the issue as well as testing the above solution.

Filed under: ASP.Net

相关阅读:
297. Serialize and Deserialize Binary Tree
331. Verify Preorder Serialization of a Binary Tree
332. Reconstruct Itinerary
329. Longest Increasing Path in a Matrix
319. Bulb Switcher
292. Nim Game
299. Bulls and Cows
Ice Cream Tower Gym
B
C

原文地址：https://www.cnblogs.com/huqingyu/p/1155152.html