Posting Acceptor Destroys Session Data (192030)


The information in this article applies to:

  • Microsoft Site Server 3.0
  • Microsoft Internet Client SDK 4.0
  • Microsoft Internet Client SDK 4.01
This article was previously published under Q192030

SYMPTOMS

When you upload a file via an HTML form to the Microsoft Posting Acceptor, the Session variables, when accessed after a successful file upload, appear to be lost, or the Session appears to have been restarted.

CAUSE

There are two issues with Posting Acceptor that exhibit this behavior:

  1. Because the Cpshost.dll file handles the post-processing data (that is, keeps the form-data intact for later use), Cpshost.dll acts as the client when it goes to the post-processing URL, thereby starting a new session with Cpshost.dll as the client. At this point, Cpshost.dll is effectively the client to the post-processing ASP page.

    In certain scenarios, the first time Cpshost.dll is loaded into memory, when a form-based file upload occurs and the upload results in success, the user's session is then restarted. This only happens the first time a successful upload occurs on the server.
  2. In certain scenarios, the first time Cpshost.dll is loaded into memory, when a form-based file upload occurs and the upload results in success, the user's session is then restarted. This only happens the first time a successful upload occurs on the server.

RESOLUTION

Depending on what information you are storing in the Session, you can use one of the following two workarounds for issue 1:

  1. If you do not need to access Component Object Model (COM) objects stored in the Session object, you can store the necessary information in hidden form fields used by the upload form. For example, if on the post-processing ASP page you are looking for the variable <% Session("MyVar") %>, you can store the value in a hidden form-field on the page used for uploading the file <INPUT TYPE=HIDDEN NAME="MyVar" VALUE="<%= Session("MyVar") %>">.

    If you are storing COM objects in the Session that you will need to access immediately after uploading your file, you must do a client-side redirect to a page that will handle this information. This can be accomplished by setting the "window.location" variable in the body_OnLoad event. For example, in your post-processing page, include the following in the <BODY> tag: onload="window.location.href = 'mypage.asp';". This redirects the client directly, so that it is no longer affected by the Posting Acceptor.
  2. If you are storing COM objects in the Session that you will need to access immediately after uploading your file, you must do a client-side redirect to a page that will handle this information. This can be accomplished by setting the "window.location" variable in the body_OnLoad event. For example, in your post-processing page, include the following in the <BODY> tag: onload="window.location.href = 'mypage.asp';". This redirects the client directly, so that it is no longer affected by the Posting Acceptor.
There is no workaround for issue 2.

STATUS

Issue 1: This behavior is by design.

Issue 2: Microsoft has confirmed this to be a problem in the products listed above.

MORE INFORMATION

Steps to Reproduce Behavior

Issue 1:

  1. Create a Web page (Upload.asp) that uses a form-based file upload and set it up to use Cpshost.dll as the form handler. Also, set it up to display the current Session ID (for example, <%= Session.SessionID %>).
  2. Create an ASP page as the post-processing page (Post-proc.asp) that displays the current Session ID.
  3. Point your browser to the file upload page (Upload.asp) and note the current Session ID.
  4. Upload a file and, when redirected to the post-processing page (Post- proc.asp), note that the Session IDs are now different.

REFERENCES

Please refer to the following related article in the Microsoft Knowledge Base:

ARTICLE-ID: 179566
TITLE: PA: How to Do Anonymous Uploads

Modification Type:MinorLast Reviewed:3/1/2005
Keywords:kbbug kbpending KB192030
©2004 Microsoft Corporation. All rights reserved.