How to remove AspxAutoDetectCookieSupport

Question

Many of my url\'s on my site www.mysite.com/Display.aspx?ID=128

gets displayed to users as

www.mysite.com/Display.aspx?ID=128&AspxAutoDetectCookieSuppor

Answer 1

To remove this, change the cookieless property of sessionState in your web.config to false.

e.g.

<sessionState mode="InProc" cookieless="false" timeout="20" />

When cookieless is set to autodetect, the framework generates the AspxAutoDetectCookieSupport querystring to determine if the client has cookie support. If the client does not have cookies enabled, ASP.Net will store the users Session Id directly in the URL.

An application using ASP.Net cookieless session support http://i.msdn.microsoft.com/Aa479314.cookieless01(en-us,MSDN.10).gif

An application using ASP.Net cookieless session support

This potentially opens up your application to session hijacking and might be considered a risk. A better option may be to disable this feature and alert your users that they will need to have cookies enabled to use your application.

For more a more detailed look at this, read Cookieless ASP.Net by Dino Esposito on MSDN.

Answer 2

...or if you don't want cookieless sessions, check if you have the following property in your <sessionState> node: cookieless="AutoDetect" If you want to use cookies, but don't want that querystring attribute, remove cookieless="AutoDetect"