Cookies Expiring due to different time zones.

Discussion in 'ASP .Net' started by Omer, Dec 8, 2006.

  1. Omer

    Omer Guest

    hi Everyone,
    I am using ASP.Net 2.0. When user logins, I check the credential and
    then made the cookie. My hoster's server is in Arizona region and I am
    in Pakistan. I set cookie's expiration time as 4 hours. It works
    perfectly fine on my PC and many other PCs which have correct time.
    But, if I set date to some old date, user is simply unable to login.
    This makes sense as probably cookie timing is not matching. Dilemma is
    that many users at home do not have correct time :( and probably thats
    why, everyday we get 4-5 mails at support maintaining that they are
    unable to login. Can you please tell me what I can do to resolve this
    issue. This is the code I am using to create the ticket,

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
    this.loginUser1.RememberMeSet, userData);

    string cookieStr = FormsAuthentication.Encrypt(ticket);
    HttpCookie cookie = new
    HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    if (this.loginUser1.RememberMeSet)
    {
    cookie.Expires = ticket.Expiration;
    }

    cookie.Path = FormsAuthentication.FormsCookiePath;
    Response.Cookies.Add(cookie);

    And this is what I am doing in Global.asax's
    Application_AuthenticateRequest function,

    if (!(HttpContext.Current.User == null))
    {
    if (HttpContext.Current.User.Identity.AuthenticationType ==
    "Forms")
    {
    System.Web.Security.FormsIdentity id;
    id =
    (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
    string[] userData = id.Ticket.UserData.Split(new
    string[] { "," },

    StringSplitOptions.RemoveEmptyEntries);

    HttpContext.Current.User = new
    System.Security.Principal.GenericPrincipal(id, userData);
    }
    }

    Bye,
    Omer
     
    Omer, Dec 8, 2006
    #1
    1. Advertising

  2. Omer

    Omer Guest

    Hi Guys,
    I will really appreciate, if someone can give me some guidance.
    Bye,
    Omer.
    Omer wrote:
    > hi Everyone,
    > I am using ASP.Net 2.0. When user logins, I check the credential and
    > then made the cookie. My hoster's server is in Arizona region and I am
    > in Pakistan. I set cookie's expiration time as 4 hours. It works
    > perfectly fine on my PC and many other PCs which have correct time.
    > But, if I set date to some old date, user is simply unable to login.
    > This makes sense as probably cookie timing is not matching. Dilemma is
    > that many users at home do not have correct time :( and probably thats
    > why, everyday we get 4-5 mails at support maintaining that they are
    > unable to login. Can you please tell me what I can do to resolve this
    > issue. This is the code I am using to create the ticket,
    >
    > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    > this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
    > this.loginUser1.RememberMeSet, userData);
    >
    > string cookieStr = FormsAuthentication.Encrypt(ticket);
    > HttpCookie cookie = new
    > HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    > if (this.loginUser1.RememberMeSet)
    > {
    > cookie.Expires = ticket.Expiration;
    > }
    >
    > cookie.Path = FormsAuthentication.FormsCookiePath;
    > Response.Cookies.Add(cookie);
    >
    > And this is what I am doing in Global.asax's
    > Application_AuthenticateRequest function,
    >
    > if (!(HttpContext.Current.User == null))
    > {
    > if (HttpContext.Current.User.Identity.AuthenticationType ==
    > "Forms")
    > {
    > System.Web.Security.FormsIdentity id;
    > id =
    > (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
    > string[] userData = id.Ticket.UserData.Split(new
    > string[] { "," },
    >
    > StringSplitOptions.RemoveEmptyEntries);
    >
    > HttpContext.Current.User = new
    > System.Security.Principal.GenericPrincipal(id, userData);
    > }
    > }
    >
    > Bye,
    > Omer
     
    Omer, Dec 8, 2006
    #2
    1. Advertising

  3. re:
    > I set cookie's expiration time as 4 hours. It works
    > perfectly fine on my PC and many other PCs which have correct time.
    > But, if I set date to some old date, user is simply unable to login.


    That makes sense, given that users should not
    remain authenticated when their tickets have expired.

    re:
    > Can you please tell me what I can do to resolve this
    > issue. This is the code I am using to create the ticket,


    Your code is fine. It works as it should.
    Your problem is that you're using an extremely short time for the cookie expiration.

    Is there any reason for you not to set the expiration to 25 hours ?
    That would overlap all timezones, eliminating the problem.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ===================================
    "Omer" <> wrote in message
    news:...
    > hi Everyone,
    > I am using ASP.Net 2.0. When user logins, I check the credential and
    > then made the cookie. My hoster's server is in Arizona region and I am
    > in Pakistan. I set cookie's expiration time as 4 hours. It works
    > perfectly fine on my PC and many other PCs which have correct time.
    > But, if I set date to some old date, user is simply unable to login.
    > This makes sense as probably cookie timing is not matching. Dilemma is
    > that many users at home do not have correct time :( and probably thats
    > why, everyday we get 4-5 mails at support maintaining that they are
    > unable to login. Can you please tell me what I can do to resolve this
    > issue. This is the code I am using to create the ticket,
    >
    > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    > this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
    > this.loginUser1.RememberMeSet, userData);
    >
    > string cookieStr = FormsAuthentication.Encrypt(ticket);
    > HttpCookie cookie = new
    > HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    > if (this.loginUser1.RememberMeSet)
    > {
    > cookie.Expires = ticket.Expiration;
    > }
    >
    > cookie.Path = FormsAuthentication.FormsCookiePath;
    > Response.Cookies.Add(cookie);
    >
    > And this is what I am doing in Global.asax's
    > Application_AuthenticateRequest function,
    >
    > if (!(HttpContext.Current.User == null))
    > {
    > if (HttpContext.Current.User.Identity.AuthenticationType ==
    > "Forms")
    > {
    > System.Web.Security.FormsIdentity id;
    > id =
    > (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
    > string[] userData = id.Ticket.UserData.Split(new
    > string[] { "," },
    >
    > StringSplitOptions.RemoveEmptyEntries);
    >
    > HttpContext.Current.User = new
    > System.Security.Principal.GenericPrincipal(id, userData);
    > }
    > }
    >
    > Bye,
    > Omer
    >
     
    Juan T. Llibre, Dec 8, 2006
    #3
  4. Omer

    Omer Guest

    Actually its not exactly the time zone problem. Problem is that many
    users in my country do not really have maintained PCs, which mean that
    there is a high possibility that their PC date is not correct. My
    cookie is setting time according to my server. If some one tries to
    login on 8th December and his PC has the date 20th July then he is
    just not able to login. Is there any way I can set cookie expiration
    time according to client PC. I am showing a warning on the 'Trouble
    Login Page?' but we all know that people take this as a developmnt
    fault instead of thinking that this is how technology is supposed to
    work. You just can't give this excuse to users :(

    Juan T. Llibre wrote:
    > re:
    > > I set cookie's expiration time as 4 hours. It works
    > > perfectly fine on my PC and many other PCs which have correct time.
    > > But, if I set date to some old date, user is simply unable to login.

    >
    > That makes sense, given that users should not
    > remain authenticated when their tickets have expired.
    >
    > re:
    > > Can you please tell me what I can do to resolve this
    > > issue. This is the code I am using to create the ticket,

    >
    > Your code is fine. It works as it should.
    > Your problem is that you're using an extremely short time for the cookie expiration.
    >
    > Is there any reason for you not to set the expiration to 25 hours ?
    > That would overlap all timezones, eliminating the problem.
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ===================================
    > "Omer" <> wrote in message
    > news:...
    > > hi Everyone,
    > > I am using ASP.Net 2.0. When user logins, I check the credential and
    > > then made the cookie. My hoster's server is in Arizona region and I am
    > > in Pakistan. I set cookie's expiration time as 4 hours. It works
    > > perfectly fine on my PC and many other PCs which have correct time.
    > > But, if I set date to some old date, user is simply unable to login.
    > > This makes sense as probably cookie timing is not matching. Dilemma is
    > > that many users at home do not have correct time :( and probably thats
    > > why, everyday we get 4-5 mails at support maintaining that they are
    > > unable to login. Can you please tell me what I can do to resolve this
    > > issue. This is the code I am using to create the ticket,
    > >
    > > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    > > this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
    > > this.loginUser1.RememberMeSet, userData);
    > >
    > > string cookieStr = FormsAuthentication.Encrypt(ticket);
    > > HttpCookie cookie = new
    > > HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    > > if (this.loginUser1.RememberMeSet)
    > > {
    > > cookie.Expires = ticket.Expiration;
    > > }
    > >
    > > cookie.Path = FormsAuthentication.FormsCookiePath;
    > > Response.Cookies.Add(cookie);
    > >
    > > And this is what I am doing in Global.asax's
    > > Application_AuthenticateRequest function,
    > >
    > > if (!(HttpContext.Current.User == null))
    > > {
    > > if (HttpContext.Current.User.Identity.AuthenticationType ==
    > > "Forms")
    > > {
    > > System.Web.Security.FormsIdentity id;
    > > id =
    > > (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
    > > string[] userData = id.Ticket.UserData.Split(new
    > > string[] { "," },
    > >
    > > StringSplitOptions.RemoveEmptyEntries);
    > >
    > > HttpContext.Current.User = new
    > > System.Security.Principal.GenericPrincipal(id, userData);
    > > }
    > > }
    > >
    > > Bye,
    > > Omer
    > >
     
    Omer, Dec 8, 2006
    #4
  5. Omer

    Hans Kesting Guest

    > Actually its not exactly the time zone problem. Problem is that many
    > users in my country do not really have maintained PCs, which mean that
    > there is a high possibility that their PC date is not correct. My
    > cookie is setting time according to my server. If some one tries to
    > login on 8th December and his PC has the date 20th July then he is
    > just not able to login. Is there any way I can set cookie expiration
    > time according to client PC. I am showing a warning on the 'Trouble
    > Login Page?' but we all know that people take this as a developmnt
    > fault instead of thinking that this is how technology is supposed to
    > work. You just can't give this excuse to users :(
    >


    Maybe this:
    on the login page, add some javascript function that automatically
    fills some hidden input with the current date/time, as reported by the
    client PC. Use this date as the basis for your cookie timeout (as an
    absolute expiry date).

    Hans Kesting
     
    Hans Kesting, Dec 8, 2006
    #5
  6. re:
    > Problem is that many sers in my country do not really have maintained PCs,
    > which mean that there is a high possibility that their PC date is not correct.


    You cannot program to cover all people's stupidities.

    re:
    > Is there any way I can set cookie expiration time according to client PC.


    1. set the cookie with javascript in your aspx login page
    2. post to your aspx login, sending the cookie's date in a hidden field
    3. read the cookie's date/time (in the hidden field) before logging in the user
    4. set the aspx login cookie using the date/time in the hidden field

    That might get tricky, though.

    re:
    > we all know that people take this as a developmnt fault instead of thinking that
    > this is how technology is supposed to work. You just can't give this excuse to users


    That's not an excuse. Educate your users.
    Telling your users that the site needs their clocks set to the correct date is OK.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ===================================
    "Omer" <> wrote in message
    news:...
    Actually its not exactly the time zone problem. Problem is that many
    users in my country do not really have maintained PCs, which mean that
    there is a high possibility that their PC date is not correct. My
    cookie is setting time according to my server. If some one tries to
    login on 8th December and his PC has the date 20th July then he is
    just not able to login. Is there any way I can set cookie expiration
    time according to client PC. I am showing a warning on the 'Trouble
    Login Page?' but we all know that people take this as a developmnt
    fault instead of thinking that this is how technology is supposed to
    work. You just can't give this excuse to users :(

    Juan T. Llibre wrote:
    > re:
    > > I set cookie's expiration time as 4 hours. It works
    > > perfectly fine on my PC and many other PCs which have correct time.
    > > But, if I set date to some old date, user is simply unable to login.

    >
    > That makes sense, given that users should not
    > remain authenticated when their tickets have expired.
    >
    > re:
    > > Can you please tell me what I can do to resolve this
    > > issue. This is the code I am using to create the ticket,

    >
    > Your code is fine. It works as it should.
    > Your problem is that you're using an extremely short time for the cookie expiration.
    >
    > Is there any reason for you not to set the expiration to 25 hours ?
    > That would overlap all timezones, eliminating the problem.
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ===================================
    > "Omer" <> wrote in message
    > news:...
    > > hi Everyone,
    > > I am using ASP.Net 2.0. When user logins, I check the credential and
    > > then made the cookie. My hoster's server is in Arizona region and I am
    > > in Pakistan. I set cookie's expiration time as 4 hours. It works
    > > perfectly fine on my PC and many other PCs which have correct time.
    > > But, if I set date to some old date, user is simply unable to login.
    > > This makes sense as probably cookie timing is not matching. Dilemma is
    > > that many users at home do not have correct time :( and probably thats
    > > why, everyday we get 4-5 mails at support maintaining that they are
    > > unable to login. Can you please tell me what I can do to resolve this
    > > issue. This is the code I am using to create the ticket,
    > >
    > > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    > > this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
    > > this.loginUser1.RememberMeSet, userData);
    > >
    > > string cookieStr = FormsAuthentication.Encrypt(ticket);
    > > HttpCookie cookie = new
    > > HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
    > > if (this.loginUser1.RememberMeSet)
    > > {
    > > cookie.Expires = ticket.Expiration;
    > > }
    > >
    > > cookie.Path = FormsAuthentication.FormsCookiePath;
    > > Response.Cookies.Add(cookie);
    > >
    > > And this is what I am doing in Global.asax's
    > > Application_AuthenticateRequest function,
    > >
    > > if (!(HttpContext.Current.User == null))
    > > {
    > > if (HttpContext.Current.User.Identity.AuthenticationType ==
    > > "Forms")
    > > {
    > > System.Web.Security.FormsIdentity id;
    > > id =
    > > (System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
    > > string[] userData = id.Ticket.UserData.Split(new
    > > string[] { "," },
    > >
    > > StringSplitOptions.RemoveEmptyEntries);
    > >
    > > HttpContext.Current.User = new
    > > System.Security.Principal.GenericPrincipal(id, userData);
    > > }
    > > }
    > >
    > > Bye,
    > > Omer
    > >
     
    Juan T. Llibre, Dec 8, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Fresh
    Replies:
    2
    Views:
    654
    Bo Persson
    Apr 22, 2008
  2. Eric Wertman

    time module question - time zones

    Eric Wertman, May 21, 2008, in forum: Python
    Replies:
    0
    Views:
    512
    Eric Wertman
    May 21, 2008
  3. Eric Wertman

    Re: time module question - time zones

    Eric Wertman, May 21, 2008, in forum: Python
    Replies:
    0
    Views:
    515
    Eric Wertman
    May 21, 2008
  4. Harlan Messinger

    Dates, time zones,daylight saving time

    Harlan Messinger, Apr 15, 2010, in forum: ASP .Net
    Replies:
    1
    Views:
    1,035
    Eric Isaacs
    Apr 16, 2010
  5. David Graham

    cookie expire time and time zones

    David Graham, Nov 20, 2003, in forum: Javascript
    Replies:
    6
    Views:
    287
    Dr John Stockton
    Nov 22, 2003
Loading...

Share This Page