locked
Authentication Cookie Expiry date in the past RRS feed

  • Question

  • User-1802931265 posted

    Have a very odd thing happening at one of our client sites..  

    When they open the website, it allows them to login ok, but as soon as they do anything that causes a postback, it redirects to the login screen.

    In the web.config we have the usual..

    <authentication mode="Forms">
         <forms name=".IawAUTH" loginUrl="~/secure/Login.aspx" protection="All" timeout="25" slidingExpiration="true" />
    </authentication>

    When we look at the cookie (in chrome) it usually says   Expires   When the browsing session ends

    But on the problem machine it always says   Expires  Tuesday, 12 October 1999 at 00:00:12

    What might be causing it ?

    Thursday, September 26, 2019 10:10 AM

All replies

  • User475983607 posted

    Perhaps the user configure their browser to not allow cookies.

    Thursday, September 26, 2019 10:39 AM
  • User-1802931265 posted

    No, I see it when I try too, and I can see the cookie, its expiry date is just wrong.

    Thursday, September 26, 2019 11:27 AM
  • User-1802931265 posted

    Hmm.. mystery deepens..

    Internet Explorer 11 Works ok
    Microsoft Edge v44.18362.267.0 Works ok
    Chrome v77.0.3865.90 Does not work
    Opera v63.0.3368.94 Does not work

    Thursday, September 26, 2019 12:31 PM
  • User475983607 posted

    I suspect your test is flawed in some unexpected way.  The server simply sends the cookie to the server that created the cookie.  if the browser does not send the cookie back then there is a configuration issue on the client.  Especially, if other browsers function as expected.  Check the timezone settings and if the browser are configured to block cookies.  

    Thursday, September 26, 2019 1:09 PM
  • User-1802931265 posted

    The client is fine, it works on other client's sites running the same website code with no problems, there is just something that is causing chrome to get the expiration on that one particular cookie to have the wrong Expiration date.

    Thursday, September 26, 2019 1:24 PM
  • User475983607 posted

    The client is fine, it works on other client's sites running the same website code with no problems, there is just something that is causing chrome to get the expiration on that one particular cookie to have the wrong Expiration date.

    Browser cookie behavior is deterministic and has very little to do with the web server unless the web services system clock is incorrect.

    This comment is unclear, "it works on other client's sites running the same website code with no problems".   This web application is installed installed at many different locations and one location is not working?

    Thursday, September 26, 2019 1:47 PM
  • User-1802931265 posted

    ok, I've found out what the oct 12 1999 is all about..

    https://stackoverflow.com/questions/701030/whats-the-significance-of-oct-12-1999

    • Oct 12 1999 is exactly 80 days before 1-1 2000.
    • For some people the year 2000 was the end of the world
    • As we know, it takes 80 days to go around the world.
    • So oct 12 1999 was the last possible day to go around the world.
    • As we know internet is wrapped around the world.
    • So packets (and also cookies) travel around the world.
    • The expiration date of Oct 12 1999 is the symbolic last day a packet could be send.
    • There is no need to send it later than this date.
    • So this is the symbolic date for do not expire.

    We have found that this is something to do with HTTP Redirect being turned on for a different site at a higher level.   still trying to work out what they've done.

    Thursday, September 26, 2019 4:26 PM