  • Tom Newt 28 posts 181 karma points
    Oct 04, 2023 @ 15:25

    Session Cookie Error When Accessing Backoffice

    My error log is flooded with warnings that look like the following. This is a simple site without load balancing on a server with other sites hosted on IIS. After searching, I thought the problem was that we are using "app.UseSession()" in our Startup.cs without providing a unique name to each site, but I've added a Cookie.Name to the "services.AddSession" and we are still seeing tons of these warnings every day. Is there a correct way to set up session for Umbraco 10? Is this not session related? Do I need a machine key in my web.config even if we're not load balancing?

    "@t": "2023-10-04T14:38:26.8301347Z",
    "@mt": "Error unprotecting the session cookie.",
    "@l": "Warning",
    "@x": "System.Security.Cryptography.CryptographicException: The key {77e655ed-08ac-49d4-9cdc-742eb3817981} was not found in the key ring. For more information go to\r\n   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)\r\n   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)\r\n   at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)",
    "EventId": {
        "Id": 7,
        "Name": "ErrorUnprotectingCookie"
    },
    "SourceContext": "Microsoft.AspNetCore.Session.SessionMiddleware",
    "RequestId": "80000407-0001-e000-b63f-84710c7967bb",
    "RequestPath": "/umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds",
    "ProcessId": 3440,
    "ProcessName": "w3wp",
    "ThreadId": 13,
    "ApplicationId": "217531b3676312eda4c847619d172aff781ec1c1",
    "MachineName": "<my_server>",
    "Log4NetLevel": "WARN ",
    "HttpRequestId": "268f5440-f72d-4cb8-a205-77ef9c81eeb5",
    "HttpRequestNumber": 33,
    "HttpSessionId": "73d6b41c-3f06-ac94-4921-db0c4e74dd0e"
  • Tom Newt 28 posts 181 karma points
    Oct 06, 2023 @ 17:06

    To anyone that runs into this, it had nothing to do with our cookies. The problem, per this answer, was us not persisting our session keys to disk when hosting on IIS. Following the IIS Advanced Configuration documentation, we changed the application pool "Load User Profile" setting to true to create the full user folder, which persisted the keys to the AppData folder.
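
A triage script for the diagnosis described in this thread, added here as an example and not part of the original posts: it counts the `ErrorUnprotectingCookie` warnings per key id and reports whether each key was ever persisted to the key folder. It assumes one compact-JSON event per line (the shape posted above) and key files named `key-<guid>.xml`; the sample log lines and the second key id are constructed.

```python
import json
import re
from collections import Counter
from pathlib import Path

KEY_RE = re.compile(r"The key \{([0-9a-fA-F-]{36})\} was not found in the key ring")

def _event(ts, key_id):
    # Builds one constructed log line in the compact-JSON shape posted above.
    return json.dumps({
        "@t": ts, "@mt": "Error unprotecting the session cookie.", "@l": "Warning",
        "@x": "System.Security.Cryptography.CryptographicException: "
              f"The key {{{key_id}}} was not found in the key ring.",
        "EventId": {"Id": 7, "Name": "ErrorUnprotectingCookie"},
    })

# Constructed sample: the key id from the post twice, plus one made-up id.
SAMPLE_LOG = "\n".join([
    _event("2023-10-04T14:38:26Z", "77e655ed-08ac-49d4-9cdc-742eb3817981"),
    _event("2023-10-04T14:39:02Z", "77e655ed-08ac-49d4-9cdc-742eb3817981"),
    _event("2023-10-05T09:10:44Z", "00000000-1111-2222-3333-444444444444"),
    "not a json line",
])

def missing_key_counts(log_text):
    """Count ErrorUnprotectingCookie warnings per key id named in the exception."""
    counts = Counter()
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        event_id = event.get("EventId") if isinstance(event, dict) else None
        if not isinstance(event_id, dict) or event_id.get("Name") != "ErrorUnprotectingCookie":
            continue
        match = KEY_RE.search(str(event.get("@x", "")))
        if match:
            counts[match.group(1).lower()] += 1
    return counts

def keys_on_disk(key_dir):
    """Key ids persisted as key-<guid>.xml files; empty set if the folder is absent."""
    path = Path(key_dir)
    return {f.stem[4:].lower() for f in path.glob("key-*.xml")} if path.is_dir() else set()

def triage(log_text, key_dir):
    """Per referenced key id: warning count and whether the key file exists on disk."""
    present = keys_on_disk(key_dir)
    return {k: {"warnings": n, "on_disk": k in present} for k, n in missing_key_counts(log_text).items()}
```

If every key id in the warnings is reported with `on_disk` false and the key folder is empty or absent, the keys were only ever held in memory, which matches the cause found in this thread.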
