.NET Core 3.1 Session is not working

Question

.NET Core 3.1 Session is not working

vijay sahu 1

Currently I am working on .NET Core API 3.1 Application. I have a requirement to maintain the state so that I can use it later.

Below are the code that I have done in startup.cs file.

Inside ConfigureService method

            services.AddDistributedMemoryCache();  
            services.Configure<CookiePolicyOptions>(options =>  
            {  
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.  
                options.CheckConsentNeeded = context => false;  
                options.MinimumSameSitePolicy = SameSiteMode.None;  
            });  


            services.AddSession(options =>  
            {  
                //options.Cookie.Name = "ephr";  
                options.IdleTimeout = TimeSpan.FromMinutes(10);  
                options.Cookie.HttpOnly = true;  
                options.Cookie.IsEssential = true;  
            });

And the for Configure Method

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)  
        {  
            app.UseMiddleware<HttpRequestBodyMiddleware>();  

            if (env.IsDevelopment())  
            {  
                app.UseDeveloperExceptionPage();  
            }  
            app.UseMiddleware<ExceptionMiddleware>();  
            app.UseRouting();  
            app.UseCors(allowSpecificOrigins);  
            app.UseAuthentication();  
            app.UseAuthorization();  
            app.UseMiddleware<JwtMiddleware>();  
            app.UseSession();  
            app.UseEndpoints(endpoints =>  
            {  
                endpoints.MapControllers();  
            });  
            app.UseSwagger();  
            app.UseSwaggerUI(c =>  
            {  
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "AS.ePHR.Business API V1");  
            });  
        }

Set the session value using below code

HttpContext.Session.Set<string>("OTP", _accountService.GenerateOTP(authenticatResponse.Id));

For Get value from session code is as bellow

var otpFromServer = HttpContext.Session.Get<string>("OTP");

Problem:

Able to set the value and if immediately inspecting the session value then I can clearly see that value under session but in round trip from browser, when another api method and calling GET method of ISession extension to get the value from session it returns null value because in inspect list there is no "OTP" Session enlisted.

Can any one help me to understand why the code is working for my 3.1 .net core app..

Please find the below screen shot for more understanding and clarity

While setting the values

While getting the value

![91383-image.png ]2

I referred the below link to implement the same in my code.

https://learn.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-5.0

AgaveJoe 31,361 Reputation points

2021-04-26T20:23:40.523+00:00

The code looks like a Web API application. Typically, Web API clients are stateless do not expect a cookie. Session is a feature found in UI based applications that use a browser.

4 answers

Your answer

AgaveJoe 31,361 Reputation points

2021-04-26T20:23:40.523+00:00

The code looks like a Web API application. Typically, Web API clients are stateless do not expect a cookie. Session is a feature found in UI based applications that use a browser.

Answer 1

I review you code again. the issue is:

             services.AddSession(options =>  
             {  
                 //options.Cookie.Name = "ephr";  
                 options.IdleTimeout = TimeSpan.FromMinutes(10);  
                 options.Cookie.HttpOnly = true;  
                 options.Cookie.IsEssential = true;  
             });  

         app.UseCors(allowSpecificOrigins);

you are making the session cookie HttpOnly and it looks like you are using CORS. to include HttpOnly cookies, you to include credentials setting

// XmlHttpRequest  
const xhr = new XmlHttpRequest();  
xhr.withCredentials = true;  
  
// fetch  
fetch(url,{  
   method:'post',  
   headers,  
   withCredentials: "include"     // same-origin, include, *same-origin, omit  
});

Answer 2

Bruce (SqlWork.com) 84,061

session support requires a cache handler to be registered as a service. you can use an in-memory or if a farm, a distributed cache

Ankit Jasuja 1 Reputation point

2022-07-25T08:00:38.01+00:00

Any example would be much appreciated.

Answer 3

Ankit Jasuja 1

I have the same problem in .net core 3.1.

Did anyone find the solution?

0 comments

Answer 4

MR_MEOW 3,536

Its out dated
use the current version

AgaveJoe 31,361 Reputation points

2021-04-26T20:47:25.593+00:00

The version has nothing to do with the issue. Web API is stateless. Any Web API client will not expect a cookie.
vijay sahu 1 Reputation point

2021-04-27T08:21:52.433+00:00

Yes and it's the latest version only.... and same code is working when I am creating a fresh new .net core 3.1 project and enable the session... but not in current one.
vijay sahu 1 Reputation point

2021-04-27T08:23:20.39+00:00

Even it's working if I am testing with Swagger but once I start hitting API from Angular app then it's not maintaining the session.
AgaveJoe 31,361 Reputation points

2021-04-27T10:49:51.353+00:00

You are not listening. You accessed Swagger using a browser which knows how to handle cookies automatically. The Angular client does not expect a cookie. I'm not an Angular expert but a quick Google shows you must enable cookie. If you are using the HttpClient then you need withCredentials = true.

Your design is approach non-standard. Look into using local storage to persist state or a bearer token. An Angular support site is probably a better place to get help with Angular.

Share via

.NET Core 3.1 Session is not working

4 answers

Your answer