
Asp.Net MVC 4 App - Sending Request Within iframe Cleared SQL Server Session


I have an Asp.Net MVC 4 application that is using a custom session wrapper. The session is being saved in SQL Server (SQL Server mode, expiring after 20 minutes). Typical customers open the application inside of an iframe, process their order, and close the iframe when they are done. It had been working fine until recently, when IT installed the latest Microsoft updates. All AJAX requests the app makes while inside the iframe are returning a 500 error message. After some debugging, I realized that the session object is null. As a result, the app threw a null exception. If I use the application outside of an iframe, it works as expected. I have not been able to find a workaround. Without a workaround, I'll have to start adding hidden labels in order to have some of these values available to me during the requests. Does anyone have a workaround for this issue?

session wrapper class

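using System;
using System.Web;

[Serializable]
[SessionExpireFilter]
public class SessionWrapper
{
    // Named CurrentOrder so it matches the SessionWrapper.CurrentOrder calls below.
    public static CurrentOrder CurrentOrder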
    {
        get
        {
            if (HttpContext.Current.Session["Order"] != null)
            {
                return (CurrentOrder)HttpContext.Current.Session["Order"];
            }
            else
            {
                return null;
            }
        }
        set
        {
            HttpContext.Current.Session["Order"] = value;
        }
    }
}

initialize the wrapper when a user starts an order

CurrentOrder currentOrder = new CurrentOrder();
SessionWrapper.CurrentOrder = currentOrder;

Reading or setting a session variable.

SessionWrapper.CurrentOrder.OrderId = anOrderId;

if (SessionWrapper.CurrentOrder != null && SessionWrapper.CurrentOrder.OrderId > 0)
    anOrderId = SessionWrapper.CurrentOrder.OrderId;

Updated on 01/09/2020

After some additional debugging, the request does not include the session information. As a result, the piece of code for when session is not null is never executed because the session is null.

HttpContext.Current.Session["Order"] != null

Solution

  • Finally, I found the answer in this forum. Adding cookieSameSite="None" to my sessionState tag fixed the issue.
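
Why the session is null only inside the iframe, and why `cookieSameSite="None"` changes that, shown as an added example that is not part of the original post: a simplified JavaScript model of the SameSite check in browsers that enforce it. The host names are constructed, and `cookieIsSent`, `summarize` and the two-label definition of "site" are assumptions made for illustration.

```javascript
// Added example: simplified model of a browser's SameSite decision.
// Assumptions: host names are constructed; "site" is the last two host labels
// (ignores the Public Suffix List and schemeful same-site).
const site = (url) => new URL(url).hostname.split(".").slice(-2).join(".");
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// cookie:  { sameSite: "Strict" | "Lax" | "None", secure: boolean }
// request: { url, method, topLevelUrl, isTopLevelNavigation }
//   topLevelUrl is the page in the address bar when the request is made.
function cookieIsSent(cookie, request) {
  const https = new URL(request.url).protocol === "https:";
  if (cookie.secure && !https) return false;            // Secure needs HTTPS
  if (cookie.sameSite === "None") return cookie.secure; // None requires Secure
  // A framed page takes its "site for cookies" from the embedding page, so
  // its own AJAX calls count as cross-site when the embedder is another site.
  if (site(request.url) === site(request.topLevelUrl)) return true;
  if (cookie.sameSite === "Lax") {
    return request.isTopLevelNavigation && SAFE_METHODS.has(request.method);
  }
  return false; // Strict in a cross-site context
}

// Constructed requests: the same AJAX POST, framed by a customer portal
// versus opened directly in its own tab.
const ajaxInIframe = {
  url: "https://orders.shop.example/Order/Save", method: "POST",
  topLevelUrl: "https://portal.customer.example/", isTopLevelNavigation: false,
};
const ajaxStandalone = { ...ajaxInIframe, topLevelUrl: "https://orders.shop.example/Order" };

const sessionCookies = {
  lax: { sameSite: "Lax", secure: false },
  noneSecure: { sameSite: "None", secure: true },
  noneNotSecure: { sameSite: "None", secure: false },
};

// One row per cookie variant: is it attached in the iframe and standalone cases?
function summarize() {
  const rows = [];
  for (const [name, cookie] of Object.entries(sessionCookies)) {
    rows.push({ cookie: name,
      iframe: cookieIsSent(cookie, ajaxInIframe),
      standalone: cookieIsSent(cookie, ajaxStandalone) });
  }
  return rows;
}

console.table(summarize());
```

Because `SameSite=None` is only honoured on a Secure cookie, the app has to be served over HTTPS with the session cookie marked Secure. A session cookie that is sent in cross-site contexts no longer gets SameSite's CSRF protection, so anti-forgery tokens on state-changing actions carry that load.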