Cookie expiration issues

[SJ]

Hi,

In my website, i have a cookie that allows the user to remain logged in for
upto 90days. So I'm setting the cookie expiration time to 90 days in the
future from the time the user logs in. I've been testing my code and for
some reason, the cookie expires randomly before even 24 hrs has passed.
Yesterday it expired after 11hrs and 20mins.

Any idea why my cookie expiration isn't working?

In case you need them, here are the values of other timeouts in my
machine.config and web.config files:
web.config -- sessionState timeout="60"
machine.config -- forms timeout="60", sessionState timeout="60"

thanks,
-SJ.

 

[Hans Kesting]

Hi,

In my website, i have a cookie that allows the user to remain logged in for
upto 90days. So I'm setting the cookie expiration time to 90 days in the
future from the time the user logs in. I've been testing my code and for
some reason, the cookie expires randomly before even 24 hrs has passed.
Yesterday it expired after 11hrs and 20mins.

Any idea why my cookie expiration isn't working?

In case you need them, here are the values of other timeouts in my
machine.config and web.config files:
web.config -- sessionState timeout="60"
machine.config -- forms timeout="60", sessionState timeout="60"

thanks,
-SJ.

The other timeout settings have nothing to do with the cookie-timeout.

How do you set the expiration date of your cookie?

How do you see that "timeout"? It could be due to the user removing the
cookie (maybe by running a "cleanup junk" type of program)

Hans Kesting

 

[SJ]

I'm the user and I'm not removing hte cookie. I'm using a program that shows
cookie information(including when the cookie expired) for Internet Explorer.
I set my cookie through code as follows:
public static bool LoginUser(int aPersonID, string userRole, bool
persistentLogon)
{
try
{
// This is set in Web.Config <authentication> section
string authCookieName = FormsAuthentication.FormsCookieName;
// Save crucial data in userData
string[] userDataArray = {aPersonID.ToString(), userRole};
string userData = String.Join("|", userDataArray);

// Standard authentication cookie is good for 60 minutes
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Version number
aPersonID.ToString(), // Name associated with ticket
System.DateTime.Now, // Time cookie issued
System.DateTime.Now.AddMinutes(60), // Expiration for cookie
persistentLogon, // Cookie persistence
userData, // User Data
FormsAuthentication.FormsCookiePath); // Cookie Path

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

HttpContext.Current.Response.Cookies[authCookieName].Value =
encTicket;
if (persistentLogon)
// Keep Authentication cookie around for 90 days
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddDays(90);// + new TimeSpan(90,0,0,0);
else
// Keep Authentication cookie around for 60 minutes
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddMinutes(60);// + new TimeSpan(0,0,60,0);

return (true);
}
catch(System.Threading.ThreadAbortException){}
catch(Exception ex)
{
Log.WriteException("Web.LoginUser()", ex);
}
return (false);
}// LoginUser()

 

[SJ]

Any idea anyone?

-SJ

I'm the user and I'm not removing hte cookie. I'm using a program that shows
cookie information(including when the cookie expired) for Internet Explorer.
I set my cookie through code as follows:
public static bool LoginUser(int aPersonID, string userRole, bool
persistentLogon)
{
try
{
// This is set in Web.Config <authentication> section
string authCookieName = FormsAuthentication.FormsCookieName;
// Save crucial data in userData
string[] userDataArray = {aPersonID.ToString(), userRole};
string userData = String.Join("|", userDataArray);

// Standard authentication cookie is good for 60 minutes
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Version number
aPersonID.ToString(), // Name associated with ticket
System.DateTime.Now, // Time cookie issued
System.DateTime.Now.AddMinutes(60), // Expiration for cookie
persistentLogon, // Cookie persistence
userData, // User Data
FormsAuthentication.FormsCookiePath); // Cookie Path

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

HttpContext.Current.Response.Cookies[authCookieName].Value =
encTicket;
if (persistentLogon)
// Keep Authentication cookie around for 90 days
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddDays(90);// + new TimeSpan(90,0,0,0);
else
// Keep Authentication cookie around for 60 minutes
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddMinutes(60);// + new TimeSpan(0,0,60,0);

return (true);
}
catch(System.Threading.ThreadAbortException){}
catch(Exception ex)
{
Log.WriteException("Web.LoginUser()", ex);
}
return (false);
}// LoginUser()

in

for

The other timeout settings have nothing to do with the cookie-timeout.

How do you set the expiration date of your cookie?

How do you see that "timeout"? It could be due to the user removing the
cookie (maybe by running a "cleanup junk" type of program)

Hans Kesting

 

[Guest]

The problem might lie in what you do after the LoginUser returns. I found
this thread because I was having a similar problem; after much debugging it
turned out that I was calling RedirectFromLoginPage, which could also set the
cookie (depending on the argument), and all the changes you've made to it
will be overwritten -- at least that was the problem in my case. The fix was
to call RedirectFromLoginPage, and THEN change Expires property. Either that,
or call Response.Redirect instead.

Also: check slidingExpiration setting in the <forms> section of web.config.

Valery P.

Any idea anyone?

-SJ

I'm the user and I'm not removing hte cookie. I'm using a program that shows
cookie information(including when the cookie expired) for Internet Explorer.
I set my cookie through code as follows:
public static bool LoginUser(int aPersonID, string userRole, bool
persistentLogon)
{
try
{
// This is set in Web.Config <authentication> section
string authCookieName = FormsAuthentication.FormsCookieName;
// Save crucial data in userData
string[] userDataArray = {aPersonID.ToString(), userRole};
string userData = String.Join("|", userDataArray);

// Standard authentication cookie is good for 60 minutes
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Version number
aPersonID.ToString(), // Name associated with ticket
System.DateTime.Now, // Time cookie issued
System.DateTime.Now.AddMinutes(60), // Expiration for cookie
persistentLogon, // Cookie persistence
userData, // User Data
FormsAuthentication.FormsCookiePath); // Cookie Path

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

HttpContext.Current.Response.Cookies[authCookieName].Value =
encTicket;
if (persistentLogon)
// Keep Authentication cookie around for 90 days
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddDays(90);// + new TimeSpan(90,0,0,0);
else
// Keep Authentication cookie around for 60 minutes
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddMinutes(60);// + new TimeSpan(0,0,60,0);

return (true);
}
catch(System.Threading.ThreadAbortException){}
catch(Exception ex)
{
Log.WriteException("Web.LoginUser()", ex);
}
return (false);
}// LoginUser()

Hi,

In my website, i have a cookie that allows the user to remain logged

in

for
upto 90days. So I'm setting the cookie expiration time to 90 days in the
future from the time the user logs in. I've been testing my code and for
some reason, the cookie expires randomly before even 24 hrs has passed.
Yesterday it expired after 11hrs and 20mins.

Any idea why my cookie expiration isn't working?

In case you need them, here are the values of other timeouts in my
machine.config and web.config files:
web.config -- sessionState timeout="60"
machine.config -- forms timeout="60", sessionState timeout="60"

thanks,
-SJ.

The other timeout settings have nothing to do with the cookie-timeout.

How do you set the expiration date of your cookie?

How do you see that "timeout"? It could be due to the user removing the
cookie (maybe by running a "cleanup junk" type of program)

Hans Kesting

 

[Guest]

Forgot to mention: you can always spy on the cookie you are setting in
C:\Documents and Settings\<user>\Local Settings\Temporary Internet Files.
Otherwise it's very difficult to debug. Sort by "Last Modified" to get it to
the top (or bottom) of the list.

VP

Any idea anyone?

-SJ

I'm the user and I'm not removing hte cookie. I'm using a program that shows
cookie information(including when the cookie expired) for Internet Explorer.
I set my cookie through code as follows:
public static bool LoginUser(int aPersonID, string userRole, bool
persistentLogon)
{
try
{
// This is set in Web.Config <authentication> section
string authCookieName = FormsAuthentication.FormsCookieName;
// Save crucial data in userData
string[] userDataArray = {aPersonID.ToString(), userRole};
string userData = String.Join("|", userDataArray);

// Standard authentication cookie is good for 60 minutes
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Version number
aPersonID.ToString(), // Name associated with ticket
System.DateTime.Now, // Time cookie issued
System.DateTime.Now.AddMinutes(60), // Expiration for cookie
persistentLogon, // Cookie persistence
userData, // User Data
FormsAuthentication.FormsCookiePath); // Cookie Path

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

HttpContext.Current.Response.Cookies[authCookieName].Value =
encTicket;
if (persistentLogon)
// Keep Authentication cookie around for 90 days
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddDays(90);// + new TimeSpan(90,0,0,0);
else
// Keep Authentication cookie around for 60 minutes
HttpContext.Current.Response.Cookies[authCookieName].Expires =
DateTime.Now.AddMinutes(60);// + new TimeSpan(0,0,60,0);

return (true);
}
catch(System.Threading.ThreadAbortException){}
catch(Exception ex)
{
Log.WriteException("Web.LoginUser()", ex);
}
return (false);
}// LoginUser()

Hi,

In my website, i have a cookie that allows the user to remain logged

in

for
upto 90days. So I'm setting the cookie expiration time to 90 days in the
future from the time the user logs in. I've been testing my code and for
some reason, the cookie expires randomly before even 24 hrs has passed.
Yesterday it expired after 11hrs and 20mins.

Any idea why my cookie expiration isn't working?

In case you need them, here are the values of other timeouts in my
machine.config and web.config files:
web.config -- sessionState timeout="60"
machine.config -- forms timeout="60", sessionState timeout="60"

thanks,
-SJ.

The other timeout settings have nothing to do with the cookie-timeout.

How do you set the expiration date of your cookie?

How do you see that "timeout"? It could be due to the user removing the
cookie (maybe by running a "cleanup junk" type of program)

Hans Kesting