My error log is flooded with warnings that look like the following. This is a simple site without load balancing on a server with other sites hosted on IIS. After searching I thought the problem was that we are using "app.UseSession()" in our Startup.cs without providing a unique name to each site, but I've added a Cookie.Name to the "services.AddSession" and we are still seeing tons of these warnings every day. Is there a correct way to setup session for Umbraco 10? Is this not session related? Do I need a machine key in my web.config even if we're not load balancing?
{
"@t": "2023-10-04T14:38:26.8301347Z",
"@mt": "Error unprotecting the session cookie.",
"@l": "Warning",
"@x": "System.Security.Cryptography.CryptographicException: The key {77e655ed-08ac-49d4-9cdc-742eb3817981} was not found in the key ring. For more information go to http://aka.ms/dataprotectionwarning\r\n at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)\r\n at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)\r\n at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)",
"EventId": {
"Id": 7,
"Name": "ErrorUnprotectingCookie"
},
"SourceContext": "Microsoft.AspNetCore.Session.SessionMiddleware",
"RequestId": "80000407-0001-e000-b63f-84710c7967bb",
"RequestPath": "/umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds",
"ProcessId": 3440,
"ProcessName": "w3wp",
"ThreadId": 13,
"ApplicationId": "217531b3676312eda4c847619d172aff781ec1c1",
"MachineName": "<my_server>",
"Log4NetLevel": "WARN ",
"HttpRequestId": "268f5440-f72d-4cb8-a205-77ef9c81eeb5",
"HttpRequestNumber": 33,
"HttpSessionId": "73d6b41c-3f06-ac94-4921-db0c4e74dd0e"
}
To anyone that runs into this it had nothing to do with our cookies. The problem per this answer was us not persisting our session keys to disk when hosting on IIS. Following the IIS Advanced Configuration documentation we changed the application pool "Load User Profile" setting to true to create the full user folder which persisted the keys to the AppData folder.
Session Cookie Error When Accessing Backoffice
My error log is flooded with warnings that look like the following. This is a simple site without load balancing on a server with other sites hosted on IIS. After searching I thought the problem was that we are using "app.UseSession()" in our Startup.cs without providing a unique name to each site, but I've added a Cookie.Name to the "services.AddSession" and we are still seeing tons of these warnings every day. Is there a correct way to setup session for Umbraco 10? Is this not session related? Do I need a machine key in my web.config even if we're not load balancing?
To anyone that runs into this it had nothing to do with our cookies. The problem per this answer was us not persisting our session keys to disk when hosting on IIS. Following the IIS Advanced Configuration documentation we changed the application pool "Load User Profile" setting to true to create the full user folder which persisted the keys to the AppData folder.
is working on a reply...