ASP.NET Session cookie shafted me

2008-04-21 @ 21:29#

i just got through a multi-hour session tracking down a nasty bug that only appeared w/ IE/Safari/Opera browsers (not FF) when hitting our ASP.NET-backed site. the problem was the ASP.NET Session cookie. and it stinks/.

first, i hate using a session cookie. i had it turned off in our handler services, but was forced to turn it back on to support SQL Reporting (grumble-grumble). now, i find another reason to hate it. it stalls chained requests.

we use a custom class (HTTPClient) that allow us to chain HTTP requests on the server or use it as our core class when writing command-line or desktop apps that use our HTTP API. it's very handy. but ASP.NET Session screws it all up.

one step in HTTPClient is to pull the current valid cookies from the requesting client and add them to the changed request (honoring same-origin, etc.). when using Firefox as the agent, this step *does not* pass the ASP.NET Session cookie along to HTTPClient. however using IE/Safari/Opera results in this session cookie 'traveling' to the cookie collection for HTTPClient. and when that happens it all goes haywire. i end up with a hung connection that never goes away. in Safari/Opera it works for a single request than hangs. for IE it hangs on the first request.

i suspect the session cookie has some encoding of the agent string, etc. i understand that. but i can't figure why FF strips this from the collection, but other don't.

once i added code to manually strip this cookie from the collection before passing the collection to HTTPClient, things go much better.

man, that stinks!

code