Posting Acceptor Destroys Session Data

ID: Q192030

The information in this article applies to:

Microsoft Site Server version 3.0
Microsoft Internet Information Server version 4.0
Internet Client SDK, versions 4.0, 4.01

SYMPTOMS

When you upload a file via an HTML form to the Microsoft Posting Acceptor, the Session variables, when accessed after a successful file upload, appear to be lost, or the Session appears to have been restarted.

CAUSE

There are two issues with Posting Acceptor that exhibit this behavior:

Because the Cpshost.dll file handles the post-processing data (that is, keeps the form-data intact for later use), Cpshost.dll acts as the client when it goes to the post-processing URL, thereby starting a new session with Cpshost.dll as the client. For example, after you upload a file via Posting Acceptor, your browser displays the post-processing URL, which appears in the address bar of the browser as http://localhost/scripts/Cpshost.dll?PUBLISH?http://localhost/post-proc.asp . At this point, Cpshost.dll is effectively the client to the post-processing ASP page.

In certain scenarios, the first time Cpshost.dll is loaded into memory, when a form-based file upload occurs and the upload results in success, the user's session is then restarted. This only happens the first time a successful upload occurs on the server.

RESOLUTION

Depending on what information you are storing in the Session, you can use one of the following two workarounds for issue 1:

If you do not need to access Component Object Model (COM) objects stored in the Session object, you can store the necessary information in hidden form fields used by the upload form. For example, if on the post-processing ASP page you are looking for the variable <% Session("MyVar") %>, you can store the value in a hidden form-field on the page used for uploading the file <INPUT TYPE=HIDDEN NAME="MyVar" VALUE="<%= Session("MyVar") %>">.

If you are storing COM objects in the Session that you will need to access immediately after uploading your file, you must do a client-side redirect to a page that will handle this information. This can be accomplished by setting the "window.location" variable in the body_OnLoad event. For example, in your post-processing page, include the following in the <BODY> tag: onload="window.location.href = 'mypage.asp';". This redirects the client directly, so that it is no longer affected by the Posting Acceptor.

There is no workaround for issue 2.

STATUS

Issue 1: This behavior is by design.

Issue 2: Microsoft has confirmed this to be a problem in the products listed above.

MORE INFORMATION

Steps to Reproduce Behavior

Issue 1:

Create a Web page (Upload.asp) that uses a form-based file upload and set it up to use Cpshost.dll as the form handler. Also, set it up to display the current Session ID (for example, <%= Session.SessionID %>).

Create an ASP page as the post-processing page (Post-proc.asp) that displays the current Session ID.

Point your browser to the file upload page (Upload.asp) and note the current Session ID.

Upload a file and, when redirected to the post-processing page (Post- proc.asp), note that the Session IDs are now different.

REFERENCES

Please refer to the following related article in the Microsoft Knowledge Base:

ARTICLE-ID: Q179566
TITLE: PA: How to Do Anonymous Uploads

Additional query words: kbDSupport


Keywords          : 
Version           : WINDOWS:4.0,4.01; WINNT:3.0,4.0
Platform          : WINDOWS winnt 
Issue type        : kbbug

Last Reviewed: July 15, 1999