ASP.NET MVC and the use of cookieless sessions

Question

ASP.NET MVC and the use of cookieless sessions

There seems to be conflicting opinions about ASP.NET MVC and cookieless sessions. Some people say that MVC simply does not support it, but others seem to use MVC and non-periodic sessions without any problems. If I create a test MVC project and enable cookieless sessions, everything will work fine. Does anyone have a definitive and supported answer to using cookieless sessions with MVC, i.e. why or why not using them?

Note. I know the security implications of using cookieless sessions, but in my case for internal applications, the risk of other users stealing sessionId is not a big problem.

+8

asp.net asp.net-mvc

Mark erasmus Feb 07 '14 at 21:52

source share

1 answer

Levi · Accepted Answer · 2014-02-08T22:15:08+0000

The final answer was on the forums.asp.net forum that you contacted in your original question. These answers came directly from the product group members themselves. Cookies auth / cookieless are obsolete technologies. Nothing of the ASP.NET team has been supported in recent years (MVC, WebAPI, SignalR, Friendly URLs).

Things may work by a fluke, but this should not be misinterpreted as an officially supported script. All errors that have been filed regarding cookieless forms of an auth / cookieless session are automatically resolved "will not be fixed" by product groups.

ASP.NET MVC and the use of cookieless sessions

More articles: