SUMMARY: When browsing an ASP.NET website using Windows Explorer, popup windows do not "borrow" the session cookie from the parent window.
DETAILS:
I'm working on an ASP.NET website (.NET 2.0). I use FormsAuthentication. It is a requirement to use cookies to handle the session.
On a page I have a button. When the user clicks it, a popup window is opened. The popup displays an ASPX page that uses session variables, previously set from the parent browser window. I've been testing the website using IE (6, 7, 8) and Firefox 2.0. On all these browsers, the popup window has access to the same session as the parent browser window and everything works ok.
I now have a bug raised by the client, stating that the popup window displays an error. Looking at the log file, I can see that it is a NullReferenceException at the moment the popup page tries to access the session variables. Talking with the client, he said that he opened the main website in Windows Explorer !!!
I've managed to recreate the issue on a test machine and saw that the popup is using a new session.
The machine must have Win XP an IE6 installed ! With IE7 the website works ok.
My suspicion here is that when opened from Windows Explorer (not that I fully understand what you mean by this), the session cookie that is being sent back is not stored anywhere and thus not available for the pop up window to include with its request. I don't see how you can get around this. Is it not possible to tell the client that this means of accessing the application is not supported?
I have seen the same issue with IE 8 , the issues does not occur in Firefox, Google Chrome or IE 6 . In my case I can see that the Session is actually working bu the Authentication terminates redirecting the user to the login page again for him to login...
来源:https://stackoverflow.com/questions/200890/asp-net-popup-browser-windows-and-session-cookies