Cookie Problems

I''m having a problem with cookies that is driving me insane :).
- If a user comes to [url]http://domain.com[/url] and a cookie is set for them, then the user for whatever reason jumps to [url]http://www.domain.com[/url] one of the 2 happens:

1) The cookie we set can not be read (expected), but then a new one can not be written ether (I looked at the server headers and although the cookie information is sent, IE ignores it).

2) The cookie from [url]http://domain.com[/url] can be read, but you can not write to this cookie. Same here cookie is sent back from the server but IE ignores it.

Now, if its the other way around. If a user comes to [url]http://www.domain.com[/url], a cookie is set, then he/she jumps to [url]http://domain.com:[/url]

The cookie can not be read (expected), but a new one can be written (as it should be).

So after driving my self insane, i whent out and tried it out in other servers to see if it was true. I tried 4 different sites which used cookies (for shopping carts). I did the same tests, (Go in via domain.com, add something to cart, then, jump to [url]www.domain.com[/url], cookie would not be overwritten. Then did the other way around, everything worked fine.)

Sample code:

cookietest.asp
------------------------------------------------------
<%

if request.querystring("action")="setcookie" then
Response.cookies("dog")=request.querystring("cooki eval")
response.cookies("dog").Expires = Date + 1
end if

if request.querystring("action")="readcookie" then
response.write "Cookie Value is: " & request.cookies("dog") & "<br><br>"

end if

%>

<a href="cookietest.asp?action=setcookie&cookieval=12 345">Set cookie</a>
¦
<a href="cookietest.asp?action=setcookie&cookieval=67 891">Set cookie2</a>
¦
<a href="cookietest.asp?action=readcookie">Read cookie</a>
<br><br><p>
-------------------------------------------

Visit: yourdomain.com/cookietest.asp
Set a cookie
Read it to make sure its there.
Now type in [url]www.yourdomain.com/cookietest.asp[/url]
Read the cookie (anything set?)
Set a cookie (By my tests cookie is not written)

Try it the other way around and it works!

Please somone help me out here i need to know if its a browser issue, or just my sloppy code :)

-----------------------------
This message is posted by [url]http://Asp.ForumsZone.com[/url]

[monki]

i am trying to set a cookie to the user of the site and then pull the data
back to view the cookie data.

this works fine locally on iis, however it does not work using a different
pc. (cookies allowed)

any suggestions?

thanks in advance

j

below are extracts from the 2 pages
----------------------------------------------------
num=1
Response.Cookies (""&vsession&"").Expires=Date() + 90
Response.Cookies (""&vsession&"")("date")=Date()
rs.MoveFirst
Do while NOT rs.EOF
Response.Cookies (""&vsession&"")("item,"&num)=rs("prodId")
Response.Cookies (""&vsession&"")("qty," &num)= rs("Qty")
num=num+1
rs.MoveNext
Loop

----------------------------------------------------------------------------
--


i=1
for each x in Request.Cookies

response.write "quote-"&i&"-"&x&"<br>"
i=i+1

if Request.Cookies(x).HasKeys then
for each y in Request.Cookies(x)
response.write( y & "=" & Request.Cookies(x)(y))
response.write("<br />")
next
else
Response.Write(Request.Cookies(x) & "<br />")
end if

response.write "<br>"

next

[monki]

dont worry - when the site is live it is ok - must be a local issue,
probably firewall

"monki" <j@usura.org> wrote in message
news:4Legb.4229$ee6.3163@news-binary.blueyonder.co.uk...

> i am trying to set a cookie to the user of the site and then pull the data
> back to view the cookie data.
>
> this works fine locally on iis, however it does not work using a different
> pc. (cookies allowed)
>
> any suggestions?
>
> thanks in advance
>
> j
>
> below are extracts from the 2 pages
> ----------------------------------------------------
> num=1
> Response.Cookies (""&vsession&"").Expires=Date() + 90
> Response.Cookies (""&vsession&"")("date")=Date()
> rs.MoveFirst
> Do while NOT rs.EOF
> Response.Cookies (""&vsession&"")("item,"&num)=rs("prodId")
> Response.Cookies (""&vsession&"")("qty," &num)= rs("Qty")
> num=num+1
> rs.MoveNext
> Loop
>
> --------------------------------------------------------------------------

--

> --
>
>
> i=1
> for each x in Request.Cookies
>
> response.write "quote-"&i&"-"&x&"<br>"
> i=i+1
>
> if Request.Cookies(x).HasKeys then
> for each y in Request.Cookies(x)
> response.write( y & "=" & Request.Cookies(x)(y))
> response.write("<br />")
> next
> else
> Response.Write(Request.Cookies(x) & "<br />")
> end if
>
> response.write "<br>"
>
> next
>
>
>
>

[Rossen Hristov]

Hello,

I have the following problem. I am building a ASP.NET application with Forms
Authentication.
Just for testing purposes I have set the Session timeout to 3 minutes:

<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="3"
/>
I have also set the cookie timeout to 3 minutes:
<authentication mode="Forms">
<forms name="NCIWebAut"
loginUrl="Pages/Login/Login.aspx"
protection="Encryption"
timeout="3"
path="/"
slidingExpiration="true"
requireSSL="true">
</forms>
</authentication>

and here is my C# code with which I create the ticket -- just as in the MS
tutorials:
// Use security system to set the UserID within a client-side Cookie
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
txtUsername.Text,
DateTime.Now,
DateTime.Now.AddMinutes(3),
false,
txtUsername.Text);
String encryptedTicket = FormsAuthentication.Encrypt(ticket);
// Create a cookie and add the encrypted ticket to the
// cookie as data.
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection.
Response.Cookies.Add(authCookie);
Session.Add("dataLanguage", dataLang);
// Redirect the user to Main.aspx
Response.Redirect("../Main/Main.aspx");

The problem is the following. I want to kick out the user if he hasn't made
a request in 3 minutes (just for testing purposes), but if he continually
request various aspx pages I want to keep him signed in. That is why I set
the SlidingExpiration property to true. However, I log-in, the I do not do
anything for 2 minutes and when I request an aspx page it kicks me out to
the login screen. Why? I have set the timeout to 3 minutes. This does not
make sense!
Could anyone help me?
Also, when I write 3 minutes in the web.config file, why do I need to write
this again when I create the ticket (DateTime.Now.AddMinutes(3)). Why do we
have two numbers instead of one. This isn't explained anywhere. Do these
numbers have to be the same? I am confused. The MS tutroials say do this and
this, I do it and then it does not work properly. Any ideas?
Rossen Hristov

[gemeni]

Did you call FormsAuthentication.Initialize()?

"Rossen Hristov" wrote:

> Hello,
>
> I have the following problem. I am building a ASP.NET application with Forms
> Authentication.
> Just for testing purposes I have set the Session timeout to 3 minutes:
>
> <sessionState
> mode="InProc"
> stateConnectionString="tcpip=127.0.0.1:42424"
> sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
> cookieless="false"
> timeout="3"
> />
> I have also set the cookie timeout to 3 minutes:
> <authentication mode="Forms">
> <forms name="NCIWebAut"
> loginUrl="Pages/Login/Login.aspx"
> protection="Encryption"
> timeout="3"
> path="/"
> slidingExpiration="true"
> requireSSL="true">
> </forms>
> </authentication>
>
> and here is my C# code with which I create the ticket -- just as in the MS
> tutorials:
> // Use security system to set the UserID within a client-side Cookie
> FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
> 1,
> txtUsername.Text,
> DateTime.Now,
> DateTime.Now.AddMinutes(3),
> false,
> txtUsername.Text);
> String encryptedTicket = FormsAuthentication.Encrypt(ticket);
> // Create a cookie and add the encrypted ticket to the
> // cookie as data.
> HttpCookie authCookie =
> new HttpCookie(FormsAuthentication.FormsCookieName,
> encryptedTicket);
> // Add the cookie to the outgoing cookies collection.
> Response.Cookies.Add(authCookie);
> Session.Add("dataLanguage", dataLang);
> // Redirect the user to Main.aspx
> Response.Redirect("../Main/Main.aspx");
>
> The problem is the following. I want to kick out the user if he hasn't made
> a request in 3 minutes (just for testing purposes), but if he continually
> request various aspx pages I want to keep him signed in. That is why I set
> the SlidingExpiration property to true. However, I log-in, the I do not do
> anything for 2 minutes and when I request an aspx page it kicks me out to
> the login screen. Why? I have set the timeout to 3 minutes. This does not
> make sense!
> Could anyone help me?
> Also, when I write 3 minutes in the web.config file, why do I need to write
> this again when I create the ticket (DateTime.Now.AddMinutes(3)). Why do we
> have two numbers instead of one. This isn't explained anywhere. Do these
> numbers have to be the same? I am confused. The MS tutroials say do this and
> this, I do it and then it does not work properly. Any ideas?
> Rossen Hristov
>
>
>