Asp.net web site session gets lost after upgrading to Firefox 61 or above
We have an asp.net webform. Some of users always use Firefox and didn't have any issue until they upgraded to Firefox 61 or above. If Firefox 61+ is used, user's session gets killed/lost sometime. We cannot reproduce this issue in any versions prior to Firefox 61 or any other browsers.
Firefox 61 seems to be the first breaking version for us, so I have been looking at the release notes: https://www.mozilla.org/en-US/firefox/61.0/releasenotes/.
There was some improved security change around TLS so I tried to play around with the settings (security.tls.version.max and security.tls.version.fallback-limit) but it doesn't make any difference.
Any idea what could cause this session loss issue?
Thanks
Todas las respuestas (4)
Do you have reliable steps to reproduce the problem?
Can you tell why the session is killed/lost? For example:
- the session cookie stops getting sent back to the server at some point, so the user loses access to their session (but the session is not necessarily terminated on the server)
- the server perceives that the session has become inactive and times it out even though the user is active
- the server perceives that the user has terminated the session (for example, as if the user logged out)
- the server terminates the session based on security criteria of IIS, ASP.Net, or your webapp (e.g., detected session hijacking)
Hi Jefferson,
Thanks for your response. I don't have very reliable steps to reproduce the problem as it happens very randomly. It can happen just after a user logs in but it can also happen a few minutes after a user logs in.
This is what we do in my website. After a user logs in, we store some user related data in session. On each page load, we check these data. If the data is not in the session, the website will log out the user. From time to time, the user data (in the session) disappears so the user keeps being logged out.
I probably need to do more investigation on the issue but we haven't changed the code around this for long time. This issue started happening for users using Firefox 6.1 and above only.
Thanks
Do affected users have any content blocking extensions or extensions that deal with cookies installed?
cor-el said
Do affected users have any content blocking extensions or extensions that deal with cookies installed?
No, I don't think so. Also, I can reproduce the issue in safe mode. I believe safe mode disables all extensions.