Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I'm working on an ASP.Net MVC 4 app that uses Webmatrix for the authentication. I have the following in my web.config file 

<sessionState mode="SQLServer" cookieless="true" allowCustomSqlDatabase="true"
     sqlConnectionString="Data Source=server;Initial Catalog=ASPState;Persist
                          Security Info=True;User ID=user;Password=password" 
     timeout="2880" sqlCommandTimeout="10" />

I can see the ASPState database is being populated, but I'm still getting the session id in the URL. When I try accessing it via Chrome it errors out saying to many redirects. When I access it via IE it works even though I see it redirection (though the session id is in the url) but errors when I try to log in with the following error:

Unable to serialize the session state. In 'StateServer' and 'SQLServer' mode, ASP.NET will serialize the session state objects, and as a result non-serializable objects or MarshalByRef objects are not permitted. The same restriction applies if similar serialization is done by the custom session state store in 'Custom' mode.

I haven't made any customization to the Webmatrix, it's all default. I need the session id to stay out of the URL and use the DB like I have it set in the web.config file

share|improve this question
 
This message is say to you that you try add on session class that can not be serialized - the Dictionary<> for example can not be saved on session, or other lists with class that you probably do not use the [Serialization] keyword. –  Aristos Dec 22 '12 at 7:54

1 Answer

up vote 0 down vote accepted

First of all, try setting cookieless to false. Second, allowCustomSqlDatabase should be set to false when using ASPState, and third don't specify Initial Catalog in your connection string. SQLState will automatically do it in the background. Forth, I don't know what is it that you are trying to serialize, but you should put [Serializable] attribute above your class that you are trying to store in a session.

As for the session id in a URL string, are you using IIS or IIS Express? IIS uses a little utility aspnet_filter.exe to accept the URL's with session id and internally it redirects you to a proper address. The same is when it returns info back to you. THe URL goes again through the process of decoration. However, I am not sure that IIS Express uses that utility. In a way it wouldn't really make too much sense that on a developer machine you turn cookies off.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.