We're hosted on AppHarbor and using their memcacher add-on, setup as described in their documentation:
<sessionState cookieless="false" regenerateExpiredSessionId="true" mode="Custom"
customProvider="MemcachedSessionProvider" xdt:Transform="Insert">
<providers>
<add name="MemcachedSessionProvider"
type="MemcachedProviders.Session.SessionStateProvider,MemcachedProviders"
dbType="none" />
</providers>
</sessionState>
We're seeing an issue that can be reproduced ONLY by:
- Following a twitter shortened URL to appfail.net inside iOS Safari (or the twitter iphone app's in-built webkit browser): http://t.co/6tRXopEJ
- Click on our 'Run Demo' button, which then automatically signs the user in, with our demo account.
At this point the server issues a 302 redirect to an invalid URL, eg: http://appfail.net/(F(FckQ4UX0zD_WSxk_adpkk3YysHsYQS4TSVpljxmswyBqEAZ1q-YhW4KePrpYQfJ4KlLGaiyje_TbpeSARVyI8LioQ7Jp5EIc0Zm9u99IqRRkkoMh_wr-jrsrvje4J7KpUt1n87xEMzMeqHzpMz9ksm42IqNnf3F9B6GBwrnuA5EY_YsV0))/Applications
The url appears to contain a SessionID, in the same format that IIS uses for cookieless sessions. This would also make sense, since IIS can be configured to use sessionless cookies based on the UserAgent - hence why it only reproduces in mobile safari (although I'm not sure why it only happens with the t.co/ redirect, and not when loading the page directly)
The strange thing is -- we have cookieless sessions turned off! As you can see in the session state above. I've also tried this with the setting 'cookieless="UseCookies"'... No luck!
I've added logging and even verified that the system in configured as "UseCookies" while running.
So, I'm wondering how we could possibly be redirecting users to a cookieless-URL, just using RedirectToAction()?
I'm wondering if this could be related to the custom session state provider -- MemcachedProvider? Or is it something more basic?
Thanks Sam
