Weird Session State Problem and Computer Names

Tuesday, November 25, 2003

One of my colleagues installed one of our ASP.NET applications on a demo laptop recently and came to me yesterday since he couldn't get it to work. It didn't take a long time to figure out that he had forgot the Infragistics controls that we use, along with Adobe Acrobat, so I installed them and tested it using localhost. He came back a short while later claiming that while it was now running, it wasn't working correctly, since his entries kept getting ignored. I tested it again using localhost and it certainly worked for me -- so I assumed he was doing something wrong and asked him to try it again. This time he sent me a screen shot of what he was seeing, and I noticed that he was using the computer name instead of localhost to access it. That seems innocent enough, but I decided to try it and sure enough the session state kept getting lost when using the computer name, but not with localhost. I looked at all the settings for IIS and everything else I could think of but it just didn't make any sense, and I certainly couldn't find anything wrong. Finally, I looked through the posts in the ASP.NET Forums that are related to State Management, looking for anything about session getting lost. That's when I found this MS support link that states cookies, and thus session, will cease to function if computer names have an underscore! Yes, this particular computer name had an underscore in it, and of course localhost doesn't, and it all makes perfect sense now, although the solution isn't very pretty. Anyhow, I've never personally used underscores in my computer names, but I also never realized it was a potential problem, so beware.

9 Comments

Thanks Paul.

"domain name and the server name"

Andrew - Tuesday, November 25, 2003 8:06:00 PM

whoa! Thanks for the heads up, Paul. I just installed a test run for some software I finished a few months ago onto an end-user's computer (into IIS) and held my breath for a second while I remembered his computer name has a *dash* (-) not an *underscore* (_)...whew!

Um, maybe I should click thru that link you got up there just to make sure.:)

Chris Frazier - Tuesday, November 25, 2003 9:26:00 PM

This is not the first IE security fix that screws up the way IE works (KB 814458 for another example). I suspect these security patches are rushed out without properly evaluating the negative implications: in this case surely it would have been possible to allow underscores without compromising security.

I understand that security is *the* priority, but that doesn't preclude making sure the fixes don't break existing apps.

Me - Tuesday, November 25, 2003 9:59:00 PM

What a wonderful bit of esoteric information! :-) Thanks, it was fun to read this post.

Scott Mitchell - Wednesday, November 26, 2003 1:31:00 AM

Paul - I fought that problem for SIX months. It happened with an I.E. upgrade and is only related to INTRANETs (ok on www). I could not get to the bottom of it because there was no pattern on why some machines at my client site were having the problem and others weren't. Oh, and it was with an ASP app which I had written in mid-2001. The problem started in maybe late spring of 2002. Finally I had the brilliant Chris Kinsman at my house when he was speaking at the user group (Oct. 2002) and I asked if he could look at the problem for me. He tried a few things, googled the CORRECT queries and found the answer that had evaded me for so long. So congrats for figuring it out all by yourself and very quickly too!

julie lerman - Wednesday, November 26, 2003 1:37:00 AM

What though if it is not practical to change the name of the computer or server? Is there another way round this

fmercer@blueyonder.co.uk

David - Saturday, January 10, 2004 1:39:00 PM

I didn't find a work-around, other than using localhost. I suppose you could use DNS to setup some other recognized names.

Paul Wilson - Saturday, January 10, 2004 1:52:00 PM

I don't think you can blame MS on this one, but the IETF:

Quote from RFC2821:

To promote interoperability and consistent with long-standing

guidance about conservative use of the DNS in naming and applications

(e.g., see section 2.3.1 of the base DNS document, RFC1035 [22]),

characters outside the set of alphas, digits, and hyphen MUST NOT

appear in domain name labels for SMTP clients or servers. In

particular, the underscore character is not permitted. SMTP servers

that receive a command in which invalid character codes have been

employed, and for which there are no other reasons for rejection,

MUST reject that command with a 501 response.

This probably also should be true for all DNS names. My guess is that MS conformed to this standard.

Reinhard

Reinhard Brongers - Thursday, May 13, 2004 8:50:00 AM

I had a similar issue and was stuck with it for more than one month.. I had no clue what was going on, since the IIS and DNS settings were correct.. infact I turned off the antivirus software too.. Anyway I was able to wrap my proj, only after I went thru ur blog.. Thanks a lot for this information.

- Senthil Babu

Senthil Babu - Wednesday, May 31, 2006 3:47:30 PM

Comments have been disabled for this content.