Tuesday, February 14, 2006

Sometimes it really is _that_ easy

Sharepoint has a Page Viewer webpart, allowing you to integrate external applications into your Portal. Very useful, but sometimes this presents problems of its own.

Case in point, one of our clients used this webpart to integrate his .NET web application in a WSS site, and had some trouble with his Session variables not showing up, when viewed through the webpart. Logical, if you think about it, because the site is being referenced through an Iframe of another site, so your cookies are not going to be accessible. Its not a bug, its a feature! In this case, a security feature, because how would you like it if any external site could just frame you (pun intended) and nose around in your cookies?

Faced with the prospect of having to rewrite his entire application without Session variables, the client's developer started considering jumping off the nearest bridge. That is, until I pointed out to him that he could simply switch the session state handling in his .NET application by modifying the web.config.


< sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="true"
timeout="20"
/>


By setting the "cookieless" attribute to true, ASP.NET will automatically (and with no impact on the application!), switch from using cookies to track session ids to appending a session identifier to the Url. No fuss, no need to rewrite your application!

Problem solved, client happy. If only everything was so easy.