Discussion of Coding

Blog coding and discussion of coding about JavaScript, PHP, CGI, general web building etc.

Saturday, April 9, 2016

set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all

Author:  |   |  No comments | 

set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all


I'm setting a cookie with an expiration date via ASP.NET using code similar to this

System.Web.Security.FormsAuthenticationTicket ticket = new System.Web.Security.FormsAuthenticationTicket(1, uname, DateTime.UtcNow, DateTime.UtcNow.AddDays(30), bool_persist, "some custom string data here");    string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket);    HttpCookie auth_cookie = new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encrypted_ticket);  auth_cookie.HttpOnly = true;    if (persist) //passed in to method as parameter  {       auth_cookie.Expires = DateTime.UtcNow.AddDays(30);  }  auth_cookie.Domain = ".mydomainname.com";  Response.Cookies.Set(auth_cookie);

I am additionally setting another cookie in the same request to persist some other data then I redirect to another page.

The following header comes through on the response

HTTP/1.1 302 Found  Location: /redirect_to_this_page  Set-Cookie:.myAuthCookie=TRUNCATED_ENCRYPTED_DATA_FOR_READABILITY; domain=.mydomainname.com; expires=Sun, 27-Nov-2011 20:27:16 GMT; path=/; HttpOnly  Set-Cookie:__MyOtherCookie=; domain=full.mydomainname.com; expires=Thu, 28-Oct-2010 20:27:24 GMT; path=/; HttpOnly

On the request for the /redirect_to_this_page, I don't see the header being sent for some reason.

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3  Accept-Encoding:gzip,deflate,sdch  Accept-Language:en-US,en;q=0.8  Cache-Control:max-age=0  Connection:keep-alive  Cookie:__utma=113888769.1619895090.1322774580.1322774580.1322774580.1;     __utmb=113888769.5.8.1322774827282; __utmc=113888769;     __utmz=113888769.1319833259.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=  Host:full.mydomainname.com  Referer:http://full.mydomainname.com/referring_page_that_set_cookies  User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko)         Chrome/15.0.874.106 Safari/535.2

Any ideas how to solve this issue? The __MyOtherCookie gets set on every request.

Thanks
Mustafa

EDIT

Some discoveries: IE9 works properly. Chrome does not set the cookie after getting the Set-Cookie header if it has an expiration date.

So if I send the cookie without an expiration (so it gets treated like a session cookie by the browser, killed when the browser is closed), the cookie is always set properly and all requests contain the correct cookie.

In the words of Jon Stewart.... Whaaa?

Answer by Tadeusz Wójcik for set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all


Remove domain from your custom cookie and try again.

If you want to use cookie across all subdomains domain name in cookie must match domain with dot at the beggining, looking at your headers it doesn't match:

Server response has:

full.mydomainname.com

request has:

full.mydomain.com

Or maybe it's has something to do with that safari bug Safari doesn't set Cookie but IE / FF does

Answer by phil pirozhkov for set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all


Why are you using a dot as cookie name prefix for ".myAuthCookie"? As per RFC it is treated as a separator.

Answer by Alvaro Brange for set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all


We had the same issue with Chrome (version 21.0.1180). Despite that we see expiration date on Header, some Chrome in Windows XP ignored it. Then we removed the Expiration Date and Chrome accepted keep the session cookie without problems.

Answer by John Y. for set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all


We had similar symptoms when moving our code from one server to another. Our login would set an expiring cookie on a redirect when login was successful. On the new server Firefox worked fine but Chrome and Safari failed (I didn't try IE). All worked on the old server. After comparing the headers/responses of two cases, I discovered the server time on the new server was set so that the time provided in the cookie expiration had already passed when the cookie was set!

We were serving stale cookies.

Setting the time properly on the new server made it work.

Assumption: FF works because it compares the expiration timestamp with the response header's Date: value - the other two must use the local machine's OS time?

Answer by user281806 for set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all


We had the same symptoms. It turned out that IIS was returning the wrong date in an HTTP Date header to the browser even though the date/time was set correctly on the server. IISRESET didn't help, it took a full server reboot to fix it.


Fatal error: Call to a member function getElementsByTagName() on a non-object in D:\XAMPP INSTALLASTION\xampp\htdocs\endunpratama9i\www-stackoverflow-info-proses.php on line 72

0 comments:

Post a Comment

Popular Posts

Powered by Blogger.