We have recently updated our application to support cookieless sessions and have come up against an issue with a single sign on (SSO) scenario.
We support SAML SSO which transfers the login information in a form post. Unfortunately the initial SAML post to our application results in a 302 redirect due to the app now having cookieless sessions enabled and the SAML information is lost.
I have done a possible workaround by setting the initial page so EnableSessionState="False". This means we do not get the 302 redirect.
I do however still need to set session variables so I have a HTTPHandler which I redirect to from the initial page where I initialize my session and login to the app.
All this works fine.
Now for my problem. I need to pass information from the initial page to the handler. Session is not an option as EnableSessionState="False". I currently use the querystring to do this to prove it would work but it is not a real option so wanted to see if anyone here can suggest an alternative method\strategy?
View Complete Post