Microsoft KB Archive/192030

= Posting Acceptor Destroys Session Data =

Article ID: 192030

Article Last Modified on 3/1/2005

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition
 * Microsoft Internet Client Software Development Kit 4.0
 * Microsoft Internet Client Software Development Kit 4.01

-



This article was previously published under Q192030



SYMPTOMS
When you upload a file via an HTML form to the Microsoft Posting Acceptor, the Session variables, when accessed after a successful file upload, appear to be lost, or the Session appears to have been restarted.



CAUSE
There are two issues with Posting Acceptor that exhibit this behavior:


 * 1) Because the Cpshost.dll file handles the post-processing data (that is, keeps the form-data intact for later use), Cpshost.dll acts as the client when it goes to the post-processing URL, thereby starting a new session with Cpshost.dll as the client. At this point, Cpshost.dll is effectively the client to the post-processing ASP page.

In certain scenarios, the first time Cpshost.dll is loaded into memory, when a form-based file upload occurs and the upload results in success, the user's session is then restarted. This only happens the first time a successful upload occurs on the server.
 * 1) In certain scenarios, the first time Cpshost.dll is loaded into memory, when a form-based file upload occurs and the upload results in success, the user's session is then restarted. This only happens the first time a successful upload occurs on the server.



RESOLUTION
Depending on what information you are storing in the Session, you can use one of the following two workarounds for issue 1:


 * 1) If you do not need to access Component Object Model (COM) objects stored in the Session object, you can store the necessary information in hidden form fields used by the upload form. For example, if on the post-processing ASP page you are looking for the variable <% Session("MyVar") %>, you can store the value in a hidden form-field on the page used for uploading the file ">.

If you are storing COM objects in the Session that you will need to access immediately after uploading your file, you must do a client-side redirect to a page that will handle this information. This can be accomplished by setting the "window.location" variable in the body_OnLoad event. For example, in your post-processing page, include the following in the  tag: onload="window.location.href = 'mypage.asp';". This redirects the client directly, so that it is no longer affected by the Posting Acceptor.
 * 1) If you are storing COM objects in the Session that you will need to access immediately after uploading your file, you must do a client-side redirect to a page that will handle this information. This can be accomplished by setting the "window.location" variable in the body_OnLoad event. For example, in your post-processing page, include the following in the  tag: onload="window.location.href = 'mypage.asp';". This redirects the client directly, so that it is no longer affected by the Posting Acceptor.

There is no workaround for issue 2.



STATUS
Issue 1: This behavior is by design.

Issue 2: Microsoft has confirmed this to be a problem in the products listed above.



Steps to Reproduce Behavior
Issue 1:


 * 1) Create a Web page (Upload.asp) that uses a form-based file upload and set it up to use Cpshost.dll as the form handler. Also, set it up to display the current Session ID (for example, <%= Session.SessionID %>).
 * 2) Create an ASP page as the post-processing page (Post-proc.asp) that displays the current Session ID.
 * 3) Point your browser to the file upload page (Upload.asp) and note the current Session ID.
 * 4) Upload a file and, when redirected to the post-processing page (Post- proc.asp), note that the Session IDs are now different.

