Getting the session ID causes the user to logout

288 views Asked by At

I am observing very strange behaviour in an ASP.NET application I am writing and have reproduced the problem by creating a vanilla application from the VS2013 template and changing one line...

Background In the LogIn event of the Login.aspx page I retrieve the sessionID from the current Session at the point the user logs in successfully. I do this in the case statement for SignInStatus.Success by adding the following line:

var sessionId = Session.SessionID;

After adding this line I can no longer log in. Typing the username and password just jumps back to the default page without showing the user as signed in.

If I remove that line, sign in works as expected.

To reproduce: In VS2013, create a new ASP.NET Web Application. Select the Web Forms template. Change Authentication to be Individual User Accounts. Untick Host in the cloud. Untick MVC and Web API.

Once the application is created change LogIn in Login.aspx.cs to start as follows:

    protected void LogIn(object sender, EventArgs e)
    {
        if (IsValid)
        {
            // Validate the user password
            var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
            var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();

            // This doen't count login failures towards account lockout
            // To enable password failures to trigger lockout, change to shouldLockout: true
            var result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout: false);

            switch (result)
            {
                case SignInStatus.Success:

                    var sessionId = Session.SessionID;

                    IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
                    break;

After registering a user, log out. Try and sign in again and it won't work.

If you remove the SessionId line again it will let you sign in.

0

There are 0 answers