Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Paul Taylor 13 posts 100 karma points
    May 19, 2022 @ 11:20
    Paul Taylor
    0

    Presence of Session State Cookie causes app to crash

    I have an Umbraco 9.4.3 site (.NET5.0) which is using Session state, as configured by Umbraco. The app starts normally then writes a value to Session state in a controller method, which causes a Session cookie to be created.

    public override IActionResult Index()
    {
        HttpContext.Session.SetString("test", "abc");
        return ...;
    }
    

    While that cookie exists, any subsequent request to the site causes it to crash. The last entry in the Umbraco log is the following:

    {
        "@t": "2022-05-19T08:23:40.7534511Z",
        "@mt": "Performing unprotect operation to key {KeyId:B} with purposes {Purposes}.",
        "@r": [
            "{c3e6bbb0-206d-4708-a9ab-ddfbfc117976}"
        ],
        "@l": "Verbose",
        "KeyId": "c3e6bbb0-206d-4708-a9ab-ddfbfc117976",
        "Purposes": "('C:\\src\\websites-myapp-umbraco\\MyApp.Umbraco.Web', 'SessionMiddleware')",
        "EventId": {
            "Id": 5,
            "Name": "PerformingUnprotectOperationToKeyWithPurposes"
        },
        "SourceContext": "Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector",
        "RequestId": "8000000e-0000-f800-b63f-84710c7967bb",
        "RequestPath": "/",
        "ProcessId": 28188,
        "ProcessName": "iisexpress",
        "ThreadId": 16,
        "AppDomainId": 1,
        "AppDomainAppId": "88a8c25dd56eba55a0d1e3793780cc946fd9e0fd",
        "MachineName": "IT08761",
        "Log4NetLevel": "ALL  ",
        "HttpRequestId": "2f3fb967-5aeb-4b13-adb6-12bb6ed89218",
        "HttpRequestNumber": 2,
        "HttpSessionId": "0"
    }
    

    This suggests that SessionMiddleware for some reason is failing to decrypt the session cookie, even though it has previously succeeded in encrypting the session Id value.

    I have created a clean site using the Umbraco Visual Studio project template which configures its pipeline in the same way as the app in question and have tried to reproduce the error in it, without success. I have compared the two sites and from a code and configuration point of view, they are substantially the same. There must be some difference between them, but I can't see it.

    Can anyone cast any light on this please? Could there be an encryption key missing or inaccessible which is causing the failure?

  • Chris Thwaites 14 posts 100 karma points
    Jan 19, 2023 @ 11:10
    Chris Thwaites
    0

    Did you ever find the reason for this? I'm having the exact same problem, and can't work out what's wrong...

  • Chris Thwaites 14 posts 100 karma points
    Jan 19, 2023 @ 11:16
    Chris Thwaites
    0

    Ha. Sorry, I just found your own answer to your question here on stackexchange:

    https://stackoverflow.com/questions/72303674/presence-of-session-state-cookie-causes-app-to-crash

    For completeness, here's what you wrote:

    It turned out that missing Serilog configuration was the root cause of this error. Adding the following to appsettings.json resolved the issue:

    "Serilog": {
      "MinimumLevel": {
        "Default": "Information",
        "Override": {
          "Microsoft": "Warning",
          "Microsoft.Hosting.Lifetime": "Information",
          "System": "Warning"
        }
      }
    }
    

    Thanks.

Please Sign in or register to post replies

Write your reply to:

Draft