We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Buscar en Ayuda

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Asp.net web site session gets lost after upgrading to Firefox 61 or above

  • 4 respuestas
  • 1 tiene este problema
  • 1 visita
  • Última respuesta de Simon03

more options

We have an asp.net webform. Some of users always use Firefox and didn't have any issue until they upgraded to Firefox 61 or above. If Firefox 61+ is used, user's session gets killed/lost sometime. We cannot reproduce this issue in any versions prior to Firefox 61 or any other browsers.

Firefox 61 seems to be the first breaking version for us, so I have been looking at the release notes: https://www.mozilla.org/en-US/firefox/61.0/releasenotes/.

There was some improved security change around TLS so I tried to play around with the settings (security.tls.version.max and security.tls.version.fallback-limit) but it doesn't make any difference.

Any idea what could cause this session loss issue?

Thanks

We have an asp.net webform. Some of users always use Firefox and didn't have any issue until they upgraded to Firefox 61 or above. If Firefox 61+ is used, user's session gets killed/lost sometime. We cannot reproduce this issue in any versions prior to Firefox 61 or any other browsers. Firefox 61 seems to be the first breaking version for us, so I have been looking at the release notes: https://www.mozilla.org/en-US/firefox/61.0/releasenotes/. There was some improved security change around TLS so I tried to play around with the settings (security.tls.version.max and security.tls.version.fallback-limit) but it doesn't make any difference. Any idea what could cause this session loss issue? Thanks

Todas las respuestas (4)

more options

Do you have reliable steps to reproduce the problem?

Can you tell why the session is killed/lost? For example:

  • the session cookie stops getting sent back to the server at some point, so the user loses access to their session (but the session is not necessarily terminated on the server)
  • the server perceives that the session has become inactive and times it out even though the user is active
  • the server perceives that the user has terminated the session (for example, as if the user logged out)
  • the server terminates the session based on security criteria of IIS, ASP.Net, or your webapp (e.g., detected session hijacking)
more options

Hi Jefferson,

Thanks for your response. I don't have very reliable steps to reproduce the problem as it happens very randomly. It can happen just after a user logs in but it can also happen a few minutes after a user logs in.

This is what we do in my website. After a user logs in, we store some user related data in session. On each page load, we check these data. If the data is not in the session, the website will log out the user. From time to time, the user data (in the session) disappears so the user keeps being logged out.

I probably need to do more investigation on the issue but we haven't changed the code around this for long time. This issue started happening for users using Firefox 6.1 and above only.

Thanks

more options

Do affected users have any content blocking extensions or extensions that deal with cookies installed?

more options

cor-el said

Do affected users have any content blocking extensions or extensions that deal with cookies installed?

No, I don't think so. Also, I can reproduce the issue in safe mode. I believe safe mode disables all extensions.