Presence of Session State Cookie causes app to crash
I have an Umbraco 9.4.3 site (.NET5.0) which is using Session state, as configured by Umbraco. The app starts normally then writes a value to Session state in a controller method, which causes a Session cookie to be created.
public override IActionResult Index()
{
HttpContext.Session.SetString("test", "abc");
return ...;
}
While that cookie exists, any subsequent request to the site causes it to crash. The last entry in the Umbraco log is the following:
This suggests that SessionMiddleware for some reason is failing to decrypt the session cookie, even though it has previously succeeded in encrypting the session Id value.
I have created a clean site using the Umbraco Visual Studio project template which configures its pipeline in the same way as the app in question and have tried to reproduce the error in it, without success. I have compared the two sites and from a code and configuration point of view, they are substantially the same. There must be some difference between them, but I can't see it.
Can anyone cast any light on this please? Could there be an encryption key missing or inaccessible which is causing the failure?
Presence of Session State Cookie causes app to crash
I have an Umbraco 9.4.3 site (.NET5.0) which is using Session state, as configured by Umbraco. The app starts normally then writes a value to Session state in a controller method, which causes a Session cookie to be created.
While that cookie exists, any subsequent request to the site causes it to crash. The last entry in the Umbraco log is the following:
This suggests that SessionMiddleware for some reason is failing to decrypt the session cookie, even though it has previously succeeded in encrypting the session Id value.
I have created a clean site using the Umbraco Visual Studio project template which configures its pipeline in the same way as the app in question and have tried to reproduce the error in it, without success. I have compared the two sites and from a code and configuration point of view, they are substantially the same. There must be some difference between them, but I can't see it.
Can anyone cast any light on this please? Could there be an encryption key missing or inaccessible which is causing the failure?
Did you ever find the reason for this? I'm having the exact same problem, and can't work out what's wrong...
Ha. Sorry, I just found your own answer to your question here on stackexchange:
https://stackoverflow.com/questions/72303674/presence-of-session-state-cookie-causes-app-to-crash
For completeness, here's what you wrote:
It turned out that missing Serilog configuration was the root cause of this error. Adding the following to appsettings.json resolved the issue:
Thanks.
is working on a reply...