Hello Folks, We recently moved from IIS 6 to IIS 7 and are noticing an issue with our Admin section with Sessions. We previously did not have a web.config file on our site (at least our people backed it up before moving and can't find it anywhere) and we just had a "global.asax" file that was doing this for us with this content: <script language="VB" runat="server"> ' Fires when the session is started and sets the default loggedin state to "" Sub Session_Start(ByVal sender As Object, ByVal e As EventArgs) Session("Loggedin") = "" CheckLoggedIn() End Sub ' Called when the request has been process by the Request Handler and ' HttpSessionState is available [This is the key piece of code that forces ' the user is login check with each page request] Sub Application_OnPostRequestHandlerExecute() CheckLoggedIn() End Sub 'Check that the user is logged in. Sub CheckLoggedIn() 'If the user is not logged in and you are not currently on the Login Page. If Session("LoggedIn") = "" And InStr(Request.RawUrl, "Login.aspx") = 0 Then Response.Redirect("Login.aspx") End If End Sub </script> It was working great on IIS 6 because it would require them to login or if they timed out, it would send them to the Login.aspx page. In IIS7 it is not doing this and allowing anyone in. I spent this morning trying to find sample as I'm not an avid developer (just reuse code or work off of others). Here was original link that I believe I used to set up the session stuff: http://tutorial.kabarku.com/ASP-NET/ASP-NET-Session-Login-Without-Cookies-10491.html. It says I need a "web.config", but like I said - I don't see this anywhere on old site. I tried putting one up with just this in it: <configuration> <sessionstate mode="inproc" cookieless="false" timeout="20" /> </configuration> But, this gives an error about: "The configuration section 'sessionstate' cannot be read because it is missing a section declaration " Hosting told us to try "classic" mode for IIS 7, but this did not fix problem. Any help would be greatly appreciated. ~Brandon
You need to do this <configuration> <system.web> <sessionstate mode="inproc" cookieless="false" timeout="20" /> </system.web> </configuration>
