Session and Pop Up Window

Saturday, April 3, 2010

ASP.NET C# Session

Introduction :

Session is the secure state management. It allows the user to store their information in one page and access in another page. Also it is so much powerful that store any type of object. Every user's session is identified by their cookie, which client presents to server. But unfortunately when you open a new pop up window, this cookie is not post to server with request, due to which server is unable to identify the session data for current user.

In this Article i will show you how to handle this situation,

Description :

During working in a application, i was getting an Exception saying that Session is null, when a pop window opens. After seeing the problem more closely i found that ASP.NET_SessionId cookie for parent page is not post in cookie header of child (popup) window.

Therefore for making session present in both parent and child (popup) window, you have to present same cookie. For cookie sharing i passed parent SessionID in query string,

window.open('http://abc.com/s.aspx?SASID=" & Session.SessionID &','V');

and in Application_PostMapRequestHandler application Event, check if the current request has no ASP.NET_SessionId cookie and SASID query string is not null then add this cookie to Request before Session is acquired, so that Session data remain same for both parent and popup window.

Private Sub Application_PostMapRequestHandler(ByVal sender As Object, ByVal e As EventArgs)
         If (Request.Cookies("ASP.NET_SessionId") Is Nothing) AndAlso (Request.QueryString("SASID") IsNot Nothing) Then
             Request.Cookies.Add(New HttpCookie("ASP.NET_SessionId", Request.QueryString("SASID")))
         End If
     End Sub

Now access Session in your parent and child window without any problem.

How this works :

ASP.NET (both Web Form or MVC) uses a cookie (ASP.NET_SessionId) to identify the user who is requesting. Cookies are may be persistent (saved permanently in user cookies ) or non-persistent (saved temporary in browser memory). ASP.NET_SessionId cookie saved as non-persistent. This means that if the user closes the browser, the cookie is immediately removed. This is a sensible step that ensures security. That's why ASP.NET unable to identify that the request is coming from the same user. Therefore every browser instance get it's own ASP.NET_SessionId. To resolve this you need to present the same parent ASP.NET_SessionId cookie to the server when open a popup window.

You can confirm this situation by using some tools like Firebug, Fiddler,

Summary :

Hopefully you will enjoy after reading this article, by seeing that how to workaround the problem of sharing Session between different browser instances by sharing their Session identifier Cookie.

Hi,

Thank you very much for this Nice Write Up.

Really had not put much thought into keeping consistent session for popups.

Raghuraman

Raghuraman - Monday, April 5, 2010 2:56:29 PM

Hi,
I am still not able to get the session value. Its there till the page load but on button click there is no session value , do you have any idea that why this is happening.

I have checked SSID and it appears to be fine....

Sam - Monday, December 26, 2011 11:02:35 AM

@Sam, Make sure to put this inside PostMapRequestHandler event.

imran_ku07 - Monday, December 26, 2011 11:30:11 AM

3 Comments