Expiring Cookies

  • Question

  • User362646341 posted

    I have been fighting for quite a while now but I just can't figure it out. I am having trouble with cookies expiring almost immediately, or what appears to be immediately after they are created. I may have created something on my site that inadvertently does this, but I cannot figure out where or what page, masterPage, etc. the cookies expire on.

    I have used the F12 debug log to figure this out but the log says that the cookies expire at the end of the session. When I click on a link to go away from the login confirmation page, the cookies have already expired. Is there a definite way to figure out exactly what page, line, etc. makes them expire?

    Any help is much appreciated - Thank you
    Jereme

    Tuesday, June 2, 2015 3:05 PM

Answers

  • User362646341 posted

    I finally figured this out!!! At some point I had an SSL account, but I let this expire because I was not working on the merchant part of my account. You can create a tag in the web.config file, to "only send cookies over SSL". Apparently this was accidentally created at some point, and set to true:

    <httpCookies httpOnlyCookies="true" requireSSL="true"/>

    I set this to "FALSE" now that the SSL certificate is expired, and everything works fine again.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 8, 2016 4:19 AM
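
The failure described in this answer, as an added example that is not part of the original thread: `requireSSL="true"` puts the `Secure` attribute on every cookie, so a browser drops the cookie from any later request made over plain HTTP even though the F12 view shows it as a session cookie. The sketch below checks a captured `Set-Cookie` value against the next request URL; the function names, header values and `example.test` URLs are assumptions constructed for illustration.

```javascript
// Added example, not code from the thread. Models the main browser rules that
// decide whether a cookie set by one response is sent on a later request.
// Max-Age, SameSite and public-suffix checks are not modelled.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/" };
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? "" : attr.slice(i + 1).trim();
    if (key === "secure") c.secure = true;
    else if (key === "domain") c.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "path" && val.startsWith("/")) c.path = val;
    else if (key === "expires" && !Number.isNaN(Date.parse(val))) c.expires = Date.parse(val);
  }
  return c;
}

// Returns { sent, reason } for one Set-Cookie header value.
// setByUrl: URL of the response that set it; nextUrl: the following request.
function willBeSent(header, setByUrl, nextUrl, now = Date.now()) {
  const c = parseSetCookie(header);
  const next = new URL(nextUrl);
  const host = next.hostname.toLowerCase();
  if (c.expires !== undefined && c.expires <= now)
    return { sent: false, reason: "Expires is in the past" };
  if (c.secure && next.protocol !== "https:")
    return { sent: false, reason: "Secure flag set, request is not HTTPS" };
  const domainOk = c.domain
    ? host === c.domain || host.endsWith("." + c.domain)
    : host === new URL(setByUrl).hostname.toLowerCase(); // host-only cookie
  if (!domainOk) return { sent: false, reason: "host does not match cookie domain" };
  const prefix = c.path.endsWith("/") ? c.path : c.path + "/";
  if (next.pathname !== c.path && !next.pathname.startsWith(prefix))
    return { sent: false, reason: "path does not match" };
  return { sent: true, reason: c.expires === undefined ? "session cookie" : "persistent cookie" };
}

// Constructed sample: a session cookie carrying the Secure and HttpOnly
// attributes that the httpCookies element in the answer turns on.
const SAMPLE = "userID=42; path=/; secure; HttpOnly";
function demo() {
  return [
    willBeSent(SAMPLE, "http://www.example.test/login.aspx", "http://www.example.test/default.aspx"),
    willBeSent(SAMPLE, "https://www.example.test/login.aspx", "https://www.example.test/default.aspx"),
  ];
}
console.log(demo());
```

The second sample call shows the same cookie being returned once the next request is HTTPS, which is the condition under which `requireSSL="true"` can stay enabled.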

All replies

  • User475983607 posted

    JEREMER

    Is there a definite way to figure out exactly what page, line, etc. makes them expire?

    Cookies are created with an expiration date and time. If the expiration is exceeded the browser does not send the cookie. It could be that the cookie is created with a very short expiration. It could also be that some page is setting the expiration. Do a search for Response.Cookies.Add and see what you find.

    https://msdn.microsoft.com/en-us/library/ms178195%28v=vs.140%29.aspx

    JEREMER

    I have used the F12 debug log to figure this out but the log says that the cookies expire at the end of the session.

    A traditional cookie has nothing to do with session. Although, there are specialized session cookies which persist the user's session ID. However, cookies and session cookies are still just cookies and follow cookie rules.

    Tuesday, June 2, 2015 4:00 PM
  • User362646341 posted

    mgebhard,

    I understand how cookies work and how they are locally stored. Unfortunately though, I am just unable to find exactly where they expire. If I use the debug log, I am able to see that the cookies do not have a specific expiration date when created, rather that they are set to expire at the end of the session (or when the browser is closed). This is exactly what I want, but when I click on a link to go to another page, it appears that they have already expired and that they are not available anymore. I have checked my logic and searched the entire VS project for various things, but for some reason I cannot find anything that looks like they are set to expire, or even redirected to a page to make them expire.

    I was wondering if there is a way to find out if there is a way to check for an exact time that they are set to expire, before I am redirected back to the home page. I am just having trouble stepping through the pages to see what pages I am directed, and redirected through to find the cookie expiration.

    Jereme

    Tuesday, June 2, 2015 6:20 PM
  • User-84896714 posted

    Hi JEREMER,
    Thank you for your post.
    I reviewed the posts you have posted before. It seems that the problem has bothered you for a long time.
    I suggest you provide more information about your project, like the code that sets the cookie and the code of the redirect page.
    So it can better help us troubleshoot problems. Otherwise, we can only guess.

    but when I click on a link to go to another page, it appears that they have already expired

    Does the "another page" have the same domain as your current page?

    Cookies cannot be shared between different domains. For example, cookies cannot be shared between www.xxx.com and abc.xxx.com.

    Hoping my reply could be helpful to you.
    Best Regards,
    Wang Li

    Wednesday, June 3, 2015 11:23 PM
  • User362646341 posted

    Li,

    You are correct and this has been troubling me for quite a while now. The domain is the same for all of the pages that I am redirecting to and clicking on links. The code that sets the cookies is the Page_Load function below:

            if (IsPostBack == true)
            {
                if (txtUserName.Text != "" && txtPassword.Text != "")
                {
                    // Check for user in DB
                    if (checkForUser(txtUserName.Text, txtPassword.Text) == false)
                    {
                        // Hide Form
                        pnlForm.Visible = false;
                        // Show Submit Panel
                        pnlSubmit.Visible = true;
    
                        // Login Message
                        lblLoginMessage.Text = "You are now logged in";
    
                        if (chkStayLoggedIn.Checked == true)
                        {
                            // Cookie Check
                            //Response.Write("Stay logged in with Cookies");
    
                            // Stay logged in
                            Response.Cookies["userID"].Expires = DateTime.Now.AddDays(30);
                            Response.Cookies["userName"].Expires = DateTime.Now.AddDays(30);
                            Response.Cookies["rightsLevel"].Expires = DateTime.Now.AddDays(30);
                        }
                    }
                    else
                    {
                        // Show Form
                        pnlForm.Visible = true;
                        // Hide Submit Panel
                        pnlSubmit.Visible = false;
    
                        // Error Message
                        lblErrorMessage.Text = "User name or password incorrect";
                    }
                }
                else
                {
                    // Error Message
                    lblErrorMessage.Text = "Please fill in user name and password";
    
                    // Show Form
                    pnlForm.Visible = true;
                    // Hide Submit Panel
                    pnlSubmit.Visible = false;
                }
            }
            else
            {
                // Show Form Panel
                pnlForm.Visible = true;
                // Hide Submit Panel
                pnlSubmit.Visible = false;
            }

    ...and the function that I am using, as follows:

    public bool checkForUser(string userNameInput, string userPasswordInput)
    {
        // Create rowCount variable
        int rowCount;

        try
        {
            // Get Connection String
            string connectionStringValue = ConfigurationManager.ConnectionStrings["connectionString_dbInfo"].ConnectionString;

            // Get Connection String
            string connectionStringReturn = connectionStringValue;
            // Create DB Connection
            SqlConnection conn = new SqlConnection(connectionStringReturn);

            // Create dataTable to store returned information
            DataTable dt = new DataTable();

            // Check for row in table
            // (parameterized, so user input is never concatenated into the SQL text)
            String sql = "SELECT * FROM dbo.userDB WHERE userName = @userName AND userPassword = @userPassword";

            SqlCommand cmd = new SqlCommand(sql, conn);
            cmd.Parameters.AddWithValue("@userName", userNameInput.Trim());
            cmd.Parameters.AddWithValue("@userPassword", userPasswordInput.Trim());
            SqlDataAdapter ad = new SqlDataAdapter(cmd);

            // Put returned information into dataTable
            ad.Fill(dt);

            // Get row quantity
            rowCount = dt.Rows.Count;

            // Get DB Information
            if (rowCount == 1)
            {
                /////////////////////////
                // Get User ID from DB //
                /////////////////////////
                Object userIDObj = dt.Rows[0]["userID"];
                String DBuserID = Convert.ToString(userIDObj);

                // Create User ID Cookie
                Response.Cookies["userID"].Value = DBuserID;

                // TEST User ID Cookie
                //Response.Write("User ID: " + Request.Cookies["userID"].Value);

                ///////////////////////////
                // Get User Name from DB //
                ///////////////////////////
                Object userNameObj = dt.Rows[0]["userName"];
                String DBuserName = Convert.ToString(userNameObj);

                // Create User Name Cookie
                Response.Cookies["userName"].Value = DBuserName;

                // TEST User Name Cookie
                //Response.Write("<br>User Name: " + Request.Cookies["userName"].Value);

                //////////////////////////////
                // Get Rights Level from DB //
                //////////////////////////////
                Object rightsLevelObj = dt.Rows[0]["rightsLevel"];
                String DBuserRights = Convert.ToString(rightsLevelObj);

                // Create Rights Level Cookie
                Response.Cookies["rightsLevel"].Value = DBuserRights;

                // TEST Rights Level Cookie
                //Response.Write("<br>User Rights: " + Request.Cookies["rightsLevel"].Value);

                // Row valid
                // Login
                return false;
            }
            else if (rowCount == 0)
            {
                // No rows to return
                // Do not login
                return true;
            }
            else if (rowCount > 1)
            {
                // Too many rows
                // Do not login
                return true;
            }
            else
            {
                // Else return -1
                rowCount = -1;
                return true;
            }
        }
        catch (SqlException sqlex)
        {
            // Output database TRY error above
            Response.Write("SQL Error: " + sqlex.Message.ToString());

            // Do not login
            return true;
        }
    }

    The code seems to work, but I have various MasterPage files, header / footer UserControls, etc. that are all working as well. I have tried:

    - eliminating various parts of the code
    - commenting out cookie "expire" commands
    - removing UserControls that load with the page

    I have searched the entire project for everything that I can think of that might cause this, but no matter what I comment out, it still does the same thing.

    - Lets me PostBack when I submit the form
    - runs the checkForUser function
    - creates the cookie
    - loads that PostBack panel and changes items that look for user cookies

    ...but when I click on any other page within the domain, the cookies expire and everything goes back to the pre-PostBack state.

    Thursday, June 4, 2015 1:24 AM
  • User-84896714 posted

    Hi JEREMER,
    From the current code, I could not find the error.
    Could you please provide the code of this part?

    - loads that PostBack panel and changes items that look for user cookies

    And you could search all cookie-related code using Solution Search (Ctrl+Shift+F).
    Best Regards,
    Wang Li

    Thursday, June 4, 2015 5:46 AM
  • User71929859 posted

    I didn't fully understand your code. It seems like you are accessing the cookie which is in Response object. Can you try to access the cookie by Request object instead? Check the below links for the same sort of problem

    http://stackoverflow.com/questions/207878/cookie-loses-value-in-asp-net

    http://stackoverflow.com/questions/456807/asp-mvc-cookies-not-persisting/590258#590258

    Friday, June 5, 2015 1:48 AM
  • User362646341 posted

    Ruchira,
    As far as I can tell, my login page works fine and the cookies are defined from values in the User database. The problem is that I am having trouble finding when/where the cookies are set to expire.

    Li Wang,
    Thank you for responding but the code you are asking for is part of my last post. The problem I am having is that I cannot find where the cookies are set to expire.

    Unless someone has any ideas of how I would find what page the cookies are set to expire on, I may just have to use the Ctrl+Shift+F, and keep searching the entire project for something... if anyone has ideas, please let me know.

    Thank you,
    Jereme

    Saturday, June 6, 2015 10:11 PM
  • User-84896714 posted

    Hi JEREMER,

    Does there exist a record in the User table with a username value of "" and a password value of ""?

    If so, maybe that causes the expired cookie.

    Best Regards,

    Wang Li

    Friday, June 12, 2015 4:56 AM
  • User362646341 posted

    Li Wang,
    There are no userName or password values of "" or NULL in the table.

    If I search the entire site for "expires" using Ctrl+Shift+S, there are only two pages that the user-cookie expiration date is set. One is the "login" page and the other is the "logOut" page. I have also tried creating a blank page that ONLY creates cookies, the values still disappear/expire when I go to another page on the site.

    Any other suggestions?!?!?

    Please help

    Tuesday, September 15, 2015 9:30 PM
  • User362646341 posted

    Does anyone have any ideas? I am completely stumped as to what I am missing here.

    Wednesday, September 16, 2015 11:03 PM
  • User475983607 posted

    Does anyone have any ideas? I am completely stumped as to what I am missing here.

    Have you tried a different browser or verified your browser accepts cookies?

    Thursday, September 17, 2015 5:33 AM
  • User362646341 posted

    I have tried different browsers and the result is the same.

    Thursday, September 17, 2015 6:15 PM