I have been fighting for quite a while now but I just can't figure it out. I am having trouble with cookies expring almost immediately, or what appears to be immediately after they are created. I may have created something on my site that inadvertantly does
this, but I cannot figure out where or what page, masterPage, etc. the cookies expire on.
I have used the F12 debug log to figure this out but the log says that the cookies expire at the end of the session. When I click on a link to go away from the login confirmation page, they cookies have already expired. Is there a definite way to figure
out exactly what page, line, etc. makes them expire?
Is there a definite way to figure out exactly what page, line, etc. makes them expire?
Cookies area created with an expiration date and time. If the expiration is exceeded the browser does not send the cookie. It could be that the cookie is created with a very short expiration. It could also be that a some page is setting the expiration.
Do a search for Response.Cookies.Add and see what you find.
I have used the F12 debug log to figure this out but the log says that the cookies expire at the end of the session.
A traditional cookie has nothing to do with session. Although, there are specialized session cookies which persist the user's session ID. However, cookies and session cookie are still just cookies and follow cookie rules.
I understand how cookies work and how they are locally stored. Unfortunately though, I am just unable to find exactly where they expire. If I use the debug log, I am able to see that the cookies do not have a specific expiration date when created, rather
that they are set to expire at the end of the session (or when the browser is closed). This is exactly what I want, but when I click on a link to go to another page, it appears that they have already expired and that they are not available anymore. I have
checked my logic and searched the entire VS project for various things, but for some reason I cannot find anything that looks like they are set to expire, or even redirected to a page to make them expire.
I was wondering if there is a way to find out if there is a way to check for an exact time that they are set to expire, before I am redirected back to the home page. I am just having trouble stepping through the pages to see what pages I am directed, and
redirected through to find the cookie expiration.
Hi JEREMER,
Thank you for your post.
I reviewed the posts you have posted before. It seems that the problem bother you for a long time.
I suggest you could provider more information about your project, like the code of set cookie and the code of redirect page.
So it can better help us troubleshoot problems. Otherwise, we can only guess.
JEREMER
but when I click on a link to go to another page, it appears that they have already expired
Does the "another page" have a some domain with your current page?
Cookiecould not be
sharedbetween differentdomains. For example, cookie could not be shared between
www.xxx.com and abc.xxx.com.
Hoping my reply could be helpful to you.
Best Regards,
Wang Li
You are correct and this has been troubling me for quite a while now. The domain is the same for all of the pages that I am redirecting to and clicking on links. The code that sets the cookies is the Page_Load function below:
if (IsPostBack == true)
{
if (txtUserName.Text != "" && txtPassword.Text != "")
{
// Check for user in DB
if (checkForUser(txtUserName.Text, txtPassword.Text) == false)
{
// Hide Form
pnlForm.Visible = false;
// Show Submit Panel
pnlSubmit.Visible = true;
// Login Message
lblLoginMessage.Text = "You are now logged in";
if (chkStayLoggedIn.Checked == true)
{
// Cookie Check
//Response.Write("Stay logged in with Cookies");
// Stay logged in
Response.Cookies["userID"].Expires = DateTime.Now.AddDays(30);
Response.Cookies["userName"].Expires = DateTime.Now.AddDays(30);
Response.Cookies["rightsLevel"].Expires = DateTime.Now.AddDays(30);
}
}
else
{
// Show Form
pnlForm.Visible = true;
// Hide Submit Panel
pnlSubmit.Visible = false;
// Error Message
lblErrorMessage.Text = "User name or password incorrect";
}
}
else
{
// Error Message
lblErrorMessage.Text = "Please fill in user name and password";
// Show Form
pnlForm.Visible = true;
// Hide Submit Panel
pnlSubmit.Visible = false;
}
}
else
{
// Show Form Panel
pnlForm.Visible = true;
// Hide Submit Panel
pnlSubmit.Visible = false;
}
...and the function that I am using, as follows:
public bool checkForUser(string userNameInput, string userPasswordInput)
{
// Create rowCount variable
int rowCount;
try
{
// Get Connection String
string connectionStringValue = ConfigurationManager.ConnectionStrings["connectionString_dbInfo"].ConnectionString;
// Get Connection String
string connectionStringReturn = connectionStringValue;
// Create DB Connection
SqlConnection conn = new SqlConnection(connectionStringReturn);
// Create dataTable to store returned information
DataTable dt = new DataTable();
// Check for row in table
String sql = "SELECT * FROM dbo.userDB WHERE userName = '" + userNameInput.Trim() + "' AND userPassword = '" + userPasswordInput.Trim() + "' ";
SqlCommand cmd = new SqlCommand(sql, conn);
SqlDataAdapter ad = new SqlDataAdapter(cmd);
// Put returned information into dataTable
ad.Fill(dt);
// Get row quantity
rowCount = dt.Rows.Count;
// Get DB Information
if (rowCount == 1)
{
/////////////////////////
// Get User ID from DB //
/////////////////////////
Object userIDObj = dt.Rows[0]["userID"];
String DBuserID = Convert.ToString(userIDObj);
// Create User Name Cookie
Response.Cookies["userID"].Value = DBuserID;
// TEST User Name Cookie
//Response.Write("User ID: " + Request.Cookies["userID"].Value);
///////////////////////////
// Get User Name from DB //
///////////////////////////
Object userNameObj = dt.Rows[0]["userName"];
String DBuserName = Convert.ToString(userNameObj);
// Create User Name Cookie
Response.Cookies["userName"].Value = DBuserName;
// TEST User Name Cookie
//Response.Write("<br>User Name: " + Request.Cookies["userName"].Value);
//////////////////////////////
// Get Rights Level from DB //
//////////////////////////////
Object rightsLevelObj = dt.Rows[0]["rightsLevel"];
String DBuserRights = Convert.ToString(rightsLevelObj);
// Create Rights Level Cookie
Response.Cookies["rightsLevel"].Value = DBuserRights;
// TEST Rights Level Cookie
//Response.Write("<br>User Rights: " + Request.Cookies["rightsLevel"].Value);
// Row valid
// Login
return false;
}
else if (rowCount == 0)
{
// No rows to return
// Do not login
return true;
}
else if (rowCount > 1)
{
// Too many rows
// Do not login
return true;
}
else
{
// Else return -1
rowCount = -1;
return true;
}
}
catch (SqlException sqlex)
{
// Output database TRY error above
Response.Write("SQL Error: " + sqlex.Message.ToString());
// Else return false
return true;
}
}
The code seems to work, but I have various MasterPage files, header / footer UserControls, etc. that are all working as well. I have tried:
- eliminating various parts of of the code
- commenting out cookie "expire" commands
- removing UserControls that load with the page
I have searched the entire project for everything that I can think of that might cause this, but no matter what I comment out, it still does the same thing.
- Lets me PostBack when I submit the form
- runs the checkForUser function
- creates the cookie
- loads that PostBack panel and changes items that look for user cookies
...but when I click on any other page within the domain, the cookies expire and everything goes back to the pre-PostBack state.
I didn't fully understand your code. It seems like you are accessing the cookie which is in Response object. Can you try to access the cookie by Request object instead? Check the below links for the same sort of problem
Ruchira,
As far as I can tell, my login page works fine and the cookies are defined from values in the User database. The problem is that I am having trouble finding when/where the cookies are set to expire.
Li Wang,
Thank you for responding but the code you are asking for is part of my last post. The problem I am having is that I cannot find where the cookies are set to expire.
Unless someone has any ideas of how I would find what page the cookies are set to expire on, I may just have to use the Ctrl+Shift+F, and keep searching the entire project for something... if anyone has ideas, please let me know.
Li Wang,
There are no userName or password values of "" or NULL in the table.
If I search the entire site for "expires" using Ctrl+Shift+S, there are only two pages that the user-cookie expiration date is set. One is the "login" page and the other is the "logOut" page. I have also tried creating a blank page that ONLY creates cookies,
the values still disappear/expire when I go to another page on the site.
I finally figured this out!!! At some point I had an SSL account, but I let this expire because I was not working on the merchant part of my account. You can create a tag in the web.config file, to "only send cookies over SSL". Apparently this was accidentally
created at some point, and set to true:
Member
14 Points
153 Posts
Expring Cookies
Jun 02, 2015 03:05 PM|JEREMER|LINK
I have been fighting for quite a while now but I just can't figure it out. I am having trouble with cookies expring almost immediately, or what appears to be immediately after they are created. I may have created something on my site that inadvertantly does this, but I cannot figure out where or what page, masterPage, etc. the cookies expire on.
I have used the F12 debug log to figure this out but the log says that the cookies expire at the end of the session. When I click on a link to go away from the login confirmation page, they cookies have already expired. Is there a definite way to figure out exactly what page, line, etc. makes them expire?
Any help is much appreciated - Thank you
Jereme
All-Star
47311 Points
20713 Posts
Re: Expring Cookies
Jun 02, 2015 04:00 PM|mgebhard|LINK
Cookies area created with an expiration date and time. If the expiration is exceeded the browser does not send the cookie. It could be that the cookie is created with a very short expiration. It could also be that a some page is setting the expiration. Do a search for Response.Cookies.Add and see what you find.
https://msdn.microsoft.com/en-us/library/ms178195%28v=vs.140%29.aspx
A traditional cookie has nothing to do with session. Although, there are specialized session cookies which persist the user's session ID. However, cookies and session cookie are still just cookies and follow cookie rules.
Member
14 Points
153 Posts
Re: Expring Cookies
Jun 02, 2015 06:20 PM|JEREMER|LINK
mgebhard,
I understand how cookies work and how they are locally stored. Unfortunately though, I am just unable to find exactly where they expire. If I use the debug log, I am able to see that the cookies do not have a specific expiration date when created, rather that they are set to expire at the end of the session (or when the browser is closed). This is exactly what I want, but when I click on a link to go to another page, it appears that they have already expired and that they are not available anymore. I have checked my logic and searched the entire VS project for various things, but for some reason I cannot find anything that looks like they are set to expire, or even redirected to a page to make them expire.
I was wondering if there is a way to find out if there is a way to check for an exact time that they are set to expire, before I am redirected back to the home page. I am just having trouble stepping through the pages to see what pages I am directed, and redirected through to find the cookie expiration.
Jereme
Star
9859 Points
974 Posts
Microsoft
Re: Expring Cookies
Jun 03, 2015 11:23 PM|Li Wang|LINK
Hi JEREMER,
Thank you for your post.
I reviewed the posts you have posted before. It seems that the problem bother you for a long time.
I suggest you could provider more information about your project, like the code of set cookie and the code of redirect page.
So it can better help us troubleshoot problems. Otherwise, we can only guess.
Does the "another page" have a some domain with your current page?
Cookie could not be shared between different domains. For example, cookie could not be shared between www.xxx.com and abc.xxx.com.
Hoping my reply could be helpful to you.
Best Regards,
Wang Li
Member
14 Points
153 Posts
Re: Expring Cookies
Jun 04, 2015 01:24 AM|JEREMER|LINK
Li,
You are correct and this has been troubling me for quite a while now. The domain is the same for all of the pages that I am redirecting to and clicking on links. The code that sets the cookies is the Page_Load function below:
if (IsPostBack == true) { if (txtUserName.Text != "" && txtPassword.Text != "") { // Check for user in DB if (checkForUser(txtUserName.Text, txtPassword.Text) == false) { // Hide Form pnlForm.Visible = false; // Show Submit Panel pnlSubmit.Visible = true; // Login Message lblLoginMessage.Text = "You are now logged in"; if (chkStayLoggedIn.Checked == true) { // Cookie Check //Response.Write("Stay logged in with Cookies"); // Stay logged in Response.Cookies["userID"].Expires = DateTime.Now.AddDays(30); Response.Cookies["userName"].Expires = DateTime.Now.AddDays(30); Response.Cookies["rightsLevel"].Expires = DateTime.Now.AddDays(30); } } else { // Show Form pnlForm.Visible = true; // Hide Submit Panel pnlSubmit.Visible = false; // Error Message lblErrorMessage.Text = "User name or password incorrect"; } } else { // Error Message lblErrorMessage.Text = "Please fill in user name and password"; // Show Form pnlForm.Visible = true; // Hide Submit Panel pnlSubmit.Visible = false; } } else { // Show Form Panel pnlForm.Visible = true; // Hide Submit Panel pnlSubmit.Visible = false; }...and the function that I am using, as follows:
public bool checkForUser(string userNameInput, string userPasswordInput) { // Create rowCount variable int rowCount; try { // Get Connection String string connectionStringValue = ConfigurationManager.ConnectionStrings["connectionString_dbInfo"].ConnectionString; // Get Connection String string connectionStringReturn = connectionStringValue; // Create DB Connection SqlConnection conn = new SqlConnection(connectionStringReturn); // Create dataTable to store returned information DataTable dt = new DataTable(); // Check for row in table String sql = "SELECT * FROM dbo.userDB WHERE userName = '" + userNameInput.Trim() + "' AND userPassword = '" + userPasswordInput.Trim() + "' ";
SqlCommand cmd = new SqlCommand(sql, conn); SqlDataAdapter ad = new SqlDataAdapter(cmd); // Put returned information into dataTable ad.Fill(dt); // Get row quantity rowCount = dt.Rows.Count; // Get DB Information if (rowCount == 1) { ///////////////////////// // Get User ID from DB // ///////////////////////// Object userIDObj = dt.Rows[0]["userID"]; String DBuserID = Convert.ToString(userIDObj); // Create User Name Cookie Response.Cookies["userID"].Value = DBuserID; // TEST User Name Cookie //Response.Write("User ID: " + Request.Cookies["userID"].Value); /////////////////////////// // Get User Name from DB // /////////////////////////// Object userNameObj = dt.Rows[0]["userName"]; String DBuserName = Convert.ToString(userNameObj); // Create User Name Cookie Response.Cookies["userName"].Value = DBuserName; // TEST User Name Cookie //Response.Write("<br>User Name: " + Request.Cookies["userName"].Value); ////////////////////////////// // Get Rights Level from DB // ////////////////////////////// Object rightsLevelObj = dt.Rows[0]["rightsLevel"]; String DBuserRights = Convert.ToString(rightsLevelObj); // Create Rights Level Cookie Response.Cookies["rightsLevel"].Value = DBuserRights; // TEST Rights Level Cookie //Response.Write("<br>User Rights: " + Request.Cookies["rightsLevel"].Value); // Row valid // Login return false; } else if (rowCount == 0) { // No rows to return // Do not login return true; } else if (rowCount > 1) { // Too many rows // Do not login return true; } else { // Else return -1 rowCount = -1; return true; } } catch (SqlException sqlex) { // Output database TRY error above Response.Write("SQL Error: " + sqlex.Message.ToString()); // Else return false return true; } }
The code seems to work, but I have various MasterPage files, header / footer UserControls, etc. that are all working as well. I have tried:
- eliminating various parts of of the code
- commenting out cookie "expire" commands
- removing UserControls that load with the page
I have searched the entire project for everything that I can think of that might cause this, but no matter what I comment out, it still does the same thing.
- Lets me PostBack when I submit the form
- runs the checkForUser function
- creates the cookie
- loads that PostBack panel and changes items that look for user cookies
...but when I click on any other page within the domain, the cookies expire and everything goes back to the pre-PostBack state.
Star
9859 Points
974 Posts
Microsoft
Re: Expring Cookies
Jun 04, 2015 05:46 AM|Li Wang|LINK
Hi JEREMER,
From the current code, I could not found the error.
Could you please provider the code of this part?
And you could searh all code related cookie use Solution Search(Ctrl+Shift+F).
Best Regards,
Wang Li
All-Star
52793 Points
9695 Posts
MVP
Re: Expring Cookies
Jun 05, 2015 01:48 AM|Ruchira|LINK
I didn't fully understand your code. It seems like you are accessing the cookie which is in Response object. Can you try to access the cookie by Request object instead? Check the below links for the same sort of problem
http://stackoverflow.com/questions/207878/cookie-loses-value-in-asp-net
http://stackoverflow.com/questions/456807/asp-mvc-cookies-not-persisting/590258#590258
Please 'Mark as Answer' if this post helps you
My Tech BlogMember
14 Points
153 Posts
Re: Expring Cookies
Jun 06, 2015 10:11 PM|JEREMER|LINK
Ruchira,
As far as I can tell, my login page works fine and the cookies are defined from values in the User database. The problem is that I am having trouble finding when/where the cookies are set to expire.
Li Wang,
Thank you for responding but the code you are asking for is part of my last post. The problem I am having is that I cannot find where the cookies are set to expire.
Unless someone has any ideas of how I would find what page the cookies are set to expire on, I may just have to use the Ctrl+Shift+F, and keep searching the entire project for something... if anyone has ideas, please let me know.
Thank you,
Jereme
Star
9859 Points
974 Posts
Microsoft
Re: Expring Cookies
Jun 12, 2015 04:56 AM|Li Wang|LINK
Hi JEREMER,
Does there exists a record in User table which with username value of "" and password value of ""?
If so, may be that cause the expired cookie.
Best Regard,
Wang Li
Member
14 Points
153 Posts
Re: Expring Cookies
Sep 15, 2015 09:30 PM|JEREMER|LINK
Li Wang,
There are no userName or password values of "" or NULL in the table.
If I search the entire site for "expires" using Ctrl+Shift+S, there are only two pages that the user-cookie expiration date is set. One is the "login" page and the other is the "logOut" page. I have also tried creating a blank page that ONLY creates cookies, the values still disappear/expire when I go to another page on the site.
Any other suggestions?!?!?
Please help
Member
14 Points
153 Posts
Re: Expring Cookies
Sep 16, 2015 11:03 PM|JEREMER|LINK
Does anyone have any ideas? I am completely stumped as to what I am missing here.
All-Star
47311 Points
20713 Posts
Re: Expring Cookies
Sep 17, 2015 05:33 AM|mgebhard|LINK
Have you tried a different browser or verified your browser accepts cookies?
Member
14 Points
153 Posts
Re: Expring Cookies
Sep 17, 2015 06:15 PM|JEREMER|LINK
I have tried different browsers and the result is the same.
Member
14 Points
153 Posts
Re: Expring Cookies
Jun 08, 2016 04:19 AM|JEREMER|LINK
I finally figured this out!!! At some point I had an SSL account, but I let this expire because I was not working on the merchant part of my account. You can create a tag in the web.config file, to "only send cookies over SSL". Apparently this was accidentally created at some point, and set to true:
<httpCookies httpOnlyCookies="true" requireSSL="true"/>
I set this to "FALSE" now that the SSL certificate is expired, and everything works fine again.