#vbwyrde

hi

If you can offer any advice that would be appreciated

Hi, could you share what you're trying to achieve? Webhook event shouldn't have anything to do with cookies as it's a request from Stripe to your server

you know what cookieless session state is in asp.net?

you're familiar with it?

Unfortunately, I'm not familiar with cookieless session state in asp.net

ok well then it would be difficult to explain to you what I'm trying to do

I wonder if there happens to be anyone there who happens to know asp.net that might be able to help

Cookie is used for website/browser. From the SO post here, cookieless session basically doesn't pass cookie session identifier, but but into a query string instead https://stackoverflow.com/questions/2273066/what-are-cookieless-sessions

What cookieless state does is it creates a guid that it puts into the URL that tracks the session

The behavior is very easy to test. When I use cookieless I get a 302 error. When I turn that off I get a 200 response. No coding changes at all.

normally one would think the answer is simply "don't use cookieless"... however, cookieless is the only way to allow users to open the same web application in two tabs and not have session objects bleed between the tabs. This is just how browsers are designed. And cookieless was invented to resolve this issue.

I ask if anyone there happens to know asp.net because I suspect I'm not the only stripe developer whose run into this, and I wonder if engineers who know asp.net fairly well might have already engaged with developers facing this issue.

Webhook endpoint should be a server to server communication and it shouldn't require a cookie session since webhook should not be a web application. I'm afraid that cookie is not supported in webhook event.

perhaps. but the fact is very simple. When I turn off cookieless the webhooks get 200 response. When I turn them on, they get a 302 response. It is repeatable and clear.

so whatever we think cookies should and shouldn't do, there is obviously a relationship. I'm not claiming I understand what it is, in fact I have no idea. That's why I'm here asking for help with it.

I was hoping to get in touch with someone who knows the terrain and might have run into this before

I would be surprised if I'm the first

well, anyway, I will try again later. it is 1:05 am here and I have to get up early for work. I was hoping I might get a quick "oh that's easy! you just add this configuration option" but I don't think that's going to happen tonight.

Sorry that we are unable to provide more help here as we do not know much about how cookieless session works in asp.net and why it returns 302

if you happen to know anyone on the team who knows asp.net that would be helpful

maybe someone I can touch base with

?

I'd recommend trying to ask StackOverflow as it's likely a ASP.NET configuration. It may be possible to disable cookieless state for a specific path such as your webhook endpoint

That's an interesting thought. I might have to put the webhook listener on a different domain, as sessions state is universal to a given web application. But putting the listener on a different domain is possible, I suppose. I would just need to tell stripe where to send the messages to, and that domain website could then update the database. possibly, possibly. Thanks for the thought.