0

I have a web form app where users fill out a form, click submit and are redirected to a confirmation page. An ID is passed through a session which then is passed to the confirmation page. There's a intermittent issue occurring during submission, where the user is redirected to the root of the URL. The result is a 403-Forbidden Access Denied error. For example, user goes here: https://test.com/applications/abc.aspx?ID=25. When they complete the form and click submit, they're redirected to https://test.com. I do not see in my code the reason this behavior would occur. Also, this doesn't occur for everyone. What could cause such a behavior? Could it be server related (IIS), network related, or application related?

Michele DuBose
  • 1
  • https://learn.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis Check what FRT can log about that 403 error, and you should find hints. – Lex Li Jul 16 '20 at 15:30
  • Does this answer your question? [403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied](https://stackoverflow.com/questions/12893052/403-forbidden-access-is-denied-you-do-not-have-permission-to-view-this-direc) – Abdul Haseeb Jul 16 '20 at 15:35
  • I forgot to mention that my application is on load balance servers and I'm storing the session in a SQL database. – Michele DuBose Jul 17 '20 at 18:22

1 Answers1

0

I suspect if the session data is lost during the redirection. Under certain scenarios, the below statement may result in a new session and potentially losing session data.

Response.Redirect("~/Account/ChangePassword.aspx");

Especially the scenario that the client-side requires a cookieless session.
Please refer to the official remarks of the HttpResponse.Redirect method.
https://learn.microsoft.com/en-us/dotnet/api/system.web.httpresponse.redirect?view=netframework-4.8

Abraham Qian
  • 7,117
  • 1
  • 8
  • 22