04-07-2023, 09:16 PM
It's not wrong information. There is no bullet proof way for IntraWeb to say if
1) the session has expired 24 hours ago,
2) the application pool has been recycled, or
3) someone is trying to break into the application crafting a special request and using an invalid cookie.
Internally all cases above look the same.
The most frequent scenario under normal circumstances is case (1) above. That's why it is the preferred response. EInvalidAppId is currently being used when IW detects for sure that the session ID is indeed invalid.
1) the session has expired 24 hours ago,
2) the application pool has been recycled, or
3) someone is trying to break into the application crafting a special request and using an invalid cookie.
Internally all cases above look the same.
The most frequent scenario under normal circumstances is case (1) above. That's why it is the preferred response. EInvalidAppId is currently being used when IW detects for sure that the session ID is indeed invalid.