4

We are upgrading a web-based software from Windows XP with Internet Explorer 6 to Windows 7 with Internet Explorer 9.

Furthermore, a webbrowser object is used inside a WPF application.

We now have a strange behavior, when opening a window with a url (with an instruction like window.open(url)), the ASP session is "lost" and the new window works with a new from scratch session.

I solved this issue by avoiding useless windows opening and instead, I modify the location of the current window. But I would like to understand why this behavior !

Do you have any clue ?

Thank you.

BenjaminB
  • 1,809
  • 3
  • 18
  • 32
  • You probably need to manually set the cookie that is used for the ASP session. Check your cookies. – buddhabrot Dec 12 '11 at 09:48
  • 1
    Can you eloborate on "opening a window with a URL"? Do you mean openning a new application window in your app that hosts a Webbrowser control? OR Do you mean you launch a new IE window by some other navigation? – AnthonyWJones Dec 12 '11 at 13:09
  • Here is a test, without any instance of IExplore.exe running, attempt to perform you navigation. Do instances to IExplore.exe appear in your processes list? – AnthonyWJones Dec 12 '11 at 13:16
  • @AnthonyWJones I mean calling the method open of a window. – BenjaminB Dec 12 '11 at 16:16

4 Answers4

3

This could be cause by a simple different in your domain name, if you are running on www.yoursite.com but the window points to yoursite.com then a new session will be created. A nasty one to catch so look out for it.

Additionally you might have some debug code floating around in a page somewhere, this can cause a lot of head scratching, clearing out a session variable for testing for instance. Something else to check for, long shot though but you never know.

Pete Duncanson
  • 3,208
  • 2
  • 25
  • 35
3

Assuming your navigation all go to the same domain then another cause for this could be the switching of processes. As of IE8 the IE "chrome" and tab content were seperated into two processes. Further IE can create multiple content processes for content in different windows and tabs.

If your app is hosting a webbrowser control which then launches a full IE window, the chances are that your new URL is being requested by another process (iexpore.exe) not your apps process. As a result the request does not have access to session cookies hence the session appears "lost".

(Its worth noting that the multiple iexplore.exe process instances in the same process tree have a means of sharing session cookies with each other).

AnthonyWJones
  • 187,081
  • 35
  • 232
  • 306
1

I think you are likely having the same problems that this answer addresses. Essentially it is probably due to Security Zone errors within IE on the specific computer you are using. As others have noted and I can reiterate, sessions are carried into other IE (6, 7, 8, 9) windows opened by javascript, as long as the domain is not changing.

Good luck!

Community
  • 1
  • 1
neouser99
  • 1,807
  • 1
  • 10
  • 23
0

Some references to help you:

When you open a new window using the javascript as default IE, create a new window, as well isn't the same session and history. If you get the last referrer from a javascript new window, it will come empty in major browsers.

And you can keep your session history if your window.open function is triggered inside an anchor object:

<script>
function windowOpen() { window.open("my_page.asp","_blank"); };
</script>
<a href="javascript:windowOpen();">my link</a>
Gabriel Gartz
  • 2,840
  • 22
  • 24
  • 1
    The description of IE behaviour is very doubtful. In a standard IExpore.exe process window all new windows generated by javascript or html will share the same session level cookie store. The only way to create a fresh new session is for the user to deliberately ask IE to do so via the File menu. – AnthonyWJones Dec 13 '11 at 10:55
  • I didn't find documentation for this case, but I have done some tests in the past, and the result was when I have used a trigger to open new windows in javascript outside an anchor, the window opens without history and with new session. The cookies are there, but that's why cookies are related with the URL. You can bypass the browser referrer check using window.open from javascript, because the session and history are lost when you done it. Try for your self. – Gabriel Gartz Dec 13 '11 at 11:03
  • Perhaps your understanding of what "session" means varies from what I understand it to mean. In the context of this question the "session" is directly linked to the maintenance of session cookies (those cookies that are not persisted to disk). I have used extensively a wide variety of methods to launch a new window and I've never come across what you seem to describe, in fact the very opposite is true. Its not possible to launch a new window that doesn't share the session cookie store of the current window. The real issue here is that the initial host process is not iexplore.exe. – AnthonyWJones Dec 13 '11 at 11:17
  • I was talking about ASP session (server-side), that is related for the @Ubiquité question. Cookies session will remain in the browser however you have open the window, some browsers have a `private` navigation mode that will ignore the cookie sessions. – Gabriel Gartz Dec 13 '11 at 11:29
  • The ASP Session is directly linked to session cookies since ASP uses a session level cookie to link an incoming request with an existing session. Some browsers do have a private mode as does IE but your answer addresses IE specifically as does the question. Again the private mode is a specific choice made by the users from the Browser UI, its not invoked by the normal navigation with in the page or its javascript. – AnthonyWJones Dec 13 '11 at 11:55
  • As well, IIS creates a new session when you open a new window using window.open from js, it just don't do that when it comes from a anchor. Test it your self. I don't know if the asp session is only related with browser cookies, but something that is interesting, if you disable your browser cookies, the ASP session will still working, if is only related with cookies, how do you explain it behaviors? – Gabriel Gartz Dec 13 '11 at 12:13
  • 2
    I can't explain what you are seeing and I'm giving up trying to convince you. I just need my comments to be here to combat clearly erroroneous information. This is not a matter of opinion. Its a matter of fact that ASP Sessions are maintained through session level cookies (use Fiddler to observe this). Its also a matter of fact the `window.open` creates a new window that shares session cookies. A fact that 1000s of users of my code rely on and are not observing what you seem to be describing. – AnthonyWJones Dec 13 '11 at 12:47
  • Ok, let's see if someone else can explain it deeply: http://stackoverflow.com/questions/8489931/how-classic-asp-session-works-in-deeply So if I'm wrong I fix the answer. But my code work as expected. – Gabriel Gartz Dec 13 '11 at 13:19