Maintaining Cookieless Session Values in Dynamically Generated Hyperlinks

Maintaining Cookieless Session Values in Dynamically Generated Hyperlinks

When using cookieless Forms Authentication, which relies on session values embedded and maintained in the URL, you must ensure that the session value appears in the URL for every page request; otherwise, the user’s session is lost, and the user (who has presumably logged in and authenticated) gets logged out and has to authenticate again.

ASP.NET automatically maintains URL session values for you for all non-absolute URLs (those where the URL does not start with either http:// or a slash (/). That strategy means that ASP.NET handles most cases.

However, there are cases when ASP.NET does not handle embedding the session value in the URL. I came across one such case recently.

The requirement was to run through the Site Map file and dynamically create hyperlinks within different panel controls on a page. That seemed simple enough; all I had to do was to use the SiteMap class’s methods to retrieve child nodes of the CurrentNode and create hyperlink server controls in code. The code to create the hyperlinks looked something like this:

   Dim contentHyperlink as new hyperlink()   contentHyperlink.navigateUrl=mySiteMapNodeCollectionObject.url   panel1.controls.add(contentHyperlink)

However, it turns out that in such cases, ASP.NET does not maintain the SessionID in the URL for you. A quick look at the page source in this case uncovered that all the URLs for the dynamically generated hyperlinks were absolute—and ASP.NET doesn’t append the SessionID value to absolute URLs automatically.

To resolve this issue, you need to change the navigateUrl property assignment like this:

contentHyperlink.navigateUrl=Response.ApplyAppPathModifier( _   mySiteMapNodeCollectionObject.url)

The ApplyAppPathModifier method embeds the SessionID into the hyperlink. The method’s single parameter takes a virtual path.

See also  Redefining Energy Management: Advanced Solutions for Modern Buildings

Note that this works only when your web site has been configured to use cookieless sessions. That is, the web.config must declare session configuration as follows:

For a complete reference, visit MSDN.


About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist