MVC2 Cookieless Session Issue using POST

Question

For some reason with cookieless session enabled in MVC2, the session id in the query string is reset with every form post that happens. Is there a special route that needs t

Answer 1

Microsoft Security Bulletin MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)

If installed this update, check this KB.

Http.sys registry settings for IIS

Use cookieless session & form authentication auto insert this("/(S(...)F(...))/") Url path segment. Default UrlSegmentMaxLength is 260, but MS10-070 installed environment over this.I think it is a result for padding oracle.

Hope this help!