asp.net mvc - IE10 injects token into .NET MVC links

Question

I have a working .NET MVC application, but when accessing with IE10 on Windows 8 the browser source code shows that all dynamically generated URLs, eg. with Url.Action("Index", "Home") are written as:

/(F(usb6gVWyFnXevozQyFvVxVdbsN0uM9kZ5wNu9gT9pWBINGuodOdzLKkIQzfhqy3UhnCLyXf78LugXZO2UPYfMbNzSJJawmbqUBL56TjKpXgWpiMdVAjB1T3YcPlGhZePwFd6C9P_f_Y89KiDnWcA9EfR1m0ud3IcBYTW8OwZxOMTd8bxt5hM8mgXVN6OSdoo3IMwRA2))/Home/Index

instead of:

/Home/Index

If we write the link with static HTML:

<a href="/Home/Index">[linktext]</a>

IE10 redirects to the login page. The problem is when leaving the site temporarily to go to a partner site that has a link back to the first site. As the injected code is missing the return URL is no longer valid and redirects to the login.

Anybody knows why this code is injected (Framework or IE10 issue?)

Answer 1

That code is part of ASP.NET's cookieless session feature. You can disable it in the web.config <configuration><system.web> section with:

<sessionState cookieless="false" />

Or with:

<forms cookieless="UseCookies" />

I don't know why IE10 is doing that. You could probably add a browser file in app_browsers with updated IE10 info to tell it it supports cookies. Or perhaps you have cookies disabled?