asp.netgoogle-chromemobileamazon-silk

Why is my querystring being modified by Chrome Mobile on iPhone and Kindle Fire's Silk browser?


I have a portal application with the following url https://pv.xxxxx.org/Y/Students.aspx, at least that is how it appears in any of my web browsers on my PC. On my Kindle Fire HD (Silk) or iPhone (Chrome) it is showing up like

https://pv.xxxxx.org/(F(gXjx4o3HVBTt2dUj-0_fg8JrTaBqvjZUE7WjynRNoYUKpUo3YFpP6KD92KXl6XSeJE633w9eetXNHJhE_bXBrMe8wcd9FKivh16Ibrz4a06dZd4UAxyHTxK2euBM8gRlqzEmgLnQmy830rW2UtMwfmuNJQVwsvyz72EaLNgTkf01))/Y/Students.aspx

As soon as I click on any link in the web forms application the system just logs me out. I have coded pretty heavy error handling into the system so it sends me an email and logs to the database and event logs if anything goes wrong and I am getting nothing. I cannot reproduce the problem since it is only happening on those two mobile devices(that I have access to), and I cannot run a debugger on it.

Some other information it does not do bad things to my url in Safari on the iPhone. I do use the querystring to pass variables but not when you first load the application and this is after the end user, in this case me, has been authenticated and is on the landing page.

So my questions are why is it being modified, can I make it stop, if not how can I fix it? I have been struggling to find any mention of the problem let alone a solution through googling.


Solution

  • My portal application is running asp.net 4.0, I cannot get to 4.5 because I am running a windows 2003 server and it will not let me install it. So this problem is not relative to anyone who is running 4.5 or later. In the browsers I mentioned above they are taking my forms based authentication and setting it to Cookieless mode. I assume, although I don't know for sure, but the addition to the Querystring is the authentication token.

    In order to fix the problem so that my end users don't have to mess around with their cookie settings, I updated my web.config with the following code:

    <authentication mode="Forms" >
      <forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" />
    </authentication>
    

    The key component of that code snippet is:

    cookieless="UseCookies"
    

    Once I updated the Web.Config the addition to the Querystring vanished and I was able to observe the creation of the .aspxauth authentication token using chrome's developer tools.

    I added the explanation for completeness purposes here is where I ended up finding the answer:

    FormsAuthentication On ASPNET Sites With The Google Chrome Browser On iOS

    Thank you Mr. Scott Hanselman.