ASP.NET Cookieless Session URL Issue ONLY in mobile safari

问题

We're hosted on AppHarbor and using their memcacher add-on, setup as described in their documentation:

<sessionState cookieless="false" regenerateExpiredSessionId="true" mode="Custom"
          customProvider="MemcachedSessionProvider" xdt:Transform="Insert">
  <providers>
    <add name="MemcachedSessionProvider"
         type="MemcachedProviders.Session.SessionStateProvider,MemcachedProviders"
         dbType="none" />
  </providers>
</sessionState>

We're seeing an issue that can be reproduced ONLY by:

1. Following a twitter shortened URL to appfail.net inside iOS Safari (or the twitter iphone app's in-built webkit browser): http://t.co/6tRXopEJ
2. Click on our 'Run Demo' button, which then automatically signs the user in, with our demo account.

At this point the server issues a 302 redirect to an invalid URL, eg: http://appfail.net/(F(FckQ4UX0zD_WSxk_adpkk3YysHsYQS4TSVpljxmswyBqEAZ1q-YhW4KePrpYQfJ4KlLGaiyje_TbpeSARVyI8LioQ7Jp5EIc0Zm9u99IqRRkkoMh_wr-jrsrvje4J7KpUt1n87xEMzMeqHzpMz9ksm42IqNnf3F9B6GBwrnuA5EY_YsV0))/Applications

The url appears to contain a SessionID, in the same format that IIS uses for cookieless sessions. This would also make sense, since IIS can be configured to use sessionless cookies based on the UserAgent - hence why it only reproduces in mobile safari (although I'm not sure why it only happens with the t.co/ redirect, and not when loading the page directly)

The strange thing is -- we have cookieless sessions turned off! As you can see in the session state above. I've also tried this with the setting 'cookieless="UseCookies"'... No luck!

I've added logging and even verified that the system in configured as "UseCookies" while running.

So, I'm wondering how we could possibly be redirecting users to a cookieless-URL, just using RedirectToAction()?

I'm wondering if this could be related to the custom session state provider -- MemcachedProvider? Or is it something more basic?

Thanks Sam

回答1:

It might be due to faulty ASP.NET client capability detection, please check this question: Asp.Net Forms Authentication when using iPhone UIWebView

回答2:

Microsoft released a Hotfix in September 2011 which has resolved the similar problems I had been having with IE10 in the Windows 8 Preview Release.

来源：https://stackoverflow.com/questions/10998714/asp-net-cookieless-session-url-issue-only-in-mobile-safari