asp.nethttp-postsession-state

Why does a Asp.Net HTTP POST cause a 302 Redirect to GET even with EnableSessionState set to False


I have a simple POST hit from a 3rd party website to a page on my ASP.Net website. Because the POST hit is not sending the ASP.NET_SessionId cookie it doesn't have the context for Session variables. To prevent the ASP.Net server from forcing a 302 Redirect to the same page with a GET method and a ?AspxAutoDetectCookieSupport=1 appended to the URL I set the EnableSessionState="False" in the @Page tag. With the POST method working I'm able collect the variable values being posted and update a record in my local database.

This was working the other day exactly like it should, now today it is redirecting again and I can't grab the values in the variables accompany the POST. I don't get control in the page behind code until the GET request is serviced on the server. By then the needed POST variables are long gone.

<%@ Page AutoEventWireup="true" CodeFile="InvoiceUSAePay.aspx.cs"
Inherits="InvoiceUSAePay" Language="C#" EnableSessionState="False" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>Invoice USAePay</title> 
    <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR" />
    <meta content="C#" name="CODE_LANGUAGE" />
    <meta content="JavaScript" name="vs_defaultClientScript" />
    <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema" />
</head>
<body>
    Enable <%= state %>
</body>
</html>

Why is the post doing a redirect from the POST to GET when the EnableSessionState="False"?


Solution

  • In the web.config file's <system.web><sessionState> property, I set cookieless="AutoDetect". Eeven when you set EnableSessionState="False" in a page's <%@ Page%> tag, the server is going to "AutoDetect" for a cookie.

    So the POST was coming in without a session cookie, so the server redirected the browser back to the server with a GET operation and a ?AspxAutoDetectCookieSupport=1 parameter.

    I've switched from AutoDetect to UseCookies and my pages have been working as expected, so far.