Html - Setting Path And Expiration For Session Cookie

Mar 25, 2010

Anything I have tried didn't work. Currenly I have following code to change asp.net session cookie expiration date and path, but asp doesn't want to listen to me. I sends same cookie in Set-Cookie header two times sometimes, sometimes it sends it's default cookie ignoring path and expiration date, sometimes it sends everything as expected, and sometimes it doesn't send Set-Cookie at all. What should I do.

My code in Global.asax

protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e)
{
/// only apply session cookie persistence to requests requiring session information
if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
{
var sessionState = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
var cookieName = sessionState != null && !string.IsNullOrEmpty(sessionState.CookieName)
? sessionState.CookieName
: "ASP.NET_SessionId";
var timeout = sessionState != null
? sessionState.Timeout
: TimeSpan.FromMinutes(20);
/// Ensure ASP.NET Session Cookies are accessible throughout the subdomains.
if (Request.Cookies[cookieName] != null && Session != null && Session.SessionID != null)
{
Response.Cookies[cookieName].Value = Session.SessionID;
Response.Cookies[cookieName].Path = Request.ApplicationPath;
Response.Cookies[cookieName].Expires = DateTime.Now.Add(timeout);
}
}
}

View 1 Replies


Similar Messages:

Setting Cookie Expiration With ASP Classic To Session Sharing Solution

Jun 25, 2010

I'm implementing the session sharing structure from this link for an ASP classic site to begin the gradual conversion process to ASP.NET. I'm trying to extend the cookie expiration time so that users do not get signed out of the site when the session expires. At the place where the cookie is created in SessionPage.cs I've added the line in the CreateNewSessionCookie() method: cookie.Expires = DateTime.Now.AddDays(14);

Now this works fine, however, it only works if the user first visits an ASP.NET page, and then visits the ASP classic pages. It doesn't work if visiting an ASP classic page first (looking at the cookie through firefox confirms that different expiration values are given based on if I visit an ASP or ASP.NET page first.) I'm still a bit fuzzy on the mechanics behind this implementation as I don't have a complete understanding of session and cookie handling. However, I would have thought that the VB6 SessionMgr object is calling the SessionUtility DLL, and thus is using the same code to issue the cookie. I have re-registered the SessionUtility using gacutil, and re-exposed it using regasm. How else is the cookie being issued when a user accesses an ASP classic page? How can I change the expiration time?

View 1 Replies

Setting Alternative Session Expiration Times?

Jan 15, 2011

I want a specific session variable (in my case Session["level"]) to expire either on the normal 20 min. timer or at 19:30 every day. Because I change a value in my database everyday at 19:30 and I want this session variable to be related to that value. Is this possible?

View 1 Replies

State Management :: How To Get The Cookie Expiration Date To Write Out

Nov 1, 2010

I tried <%= request.cookies("cookiename").expires %> but thats a no go. Tried adding .tostring, no go. what am I to do? Has to be something simple I am missing here.

View 6 Replies

State Management :: Authentication Cookie Expiration Not Sliding Properly?

Mar 28, 2011

we have a web based application that let users register, activate their account and then login to use the app...

it is very important that accounts must not be used simultaneously, so if user a is logged in using mynameisA/mypassword, no one else can login at the same time using the same credentials, until he logout.

this was achieved by using a cache mechanism that inserts an entry specific to that user and will keep on refreshing at each request, until the user logouts, where we remove that cache entry. on login, we check whether that cache entry is there in order to allow him in or throw a message saying that the user is already logged in... we use enterprise library 5.0 which we found more reliable than the asp.net cache, and for various other practical reasons.

now, this works fine, but the problem is that it seems like the authentication ticket and cookie doesnt slide properly at each request. so sometimes, users end up logged out because their authentication ticket got expired, and they cannot login again because the cache entry is still there.

here is the code in the sign-in page:

' if user credentials are valid, and other checks and validations...

[Code]....

here is the code that runs on every authenticated request (httpmodule):

[Code]....

and here is the web.config stuff:

[Code]....

we've done all kind of tests including metabase IIS6 monitoring. there is no apppool recycle happening...

checking the authentication cookie in firefox view cookies option shows that on each request, the expiration time of the authentication cookie is not sliding.

View 7 Replies

Security :: Forms Authentication - Users Logged Out Before Cookie Expiration?

Jun 16, 2010

For some reason my users are logged out of the system every 10-15 minutes or so...regardless of the configuration below....am I missing something?

[code]....

View 1 Replies

Web Forms :: Temporary Internet Files Showing An Incorrect Cookie Expiration Date?

Dec 28, 2010

i'm creating a cookie with an expiration of 12 hours from now. when i run my solution locally and go into C:Users..AppDataLocalMicrosoftWindowsTemporary Internet Files and look at the expires property of my cookie the date and time are correct. However, when I deploy this to our web server and go to the website i notice the cookie that got created for it has an expiration date of 2 years from now, minus a day. So the cookie should be set to expire on 12/29/2010 8:00 PM for example instead shows 12/28/2012 8:00 PM. Here's the code i'm using to create the cookie, pretty basic. And yes, the date on the web server is correct. I really want the cookie to expire in 12 hours, not 2 years.

[Code]....

View 6 Replies

State Management :: Setting Session In A Sample.HTML Page?

Feb 22, 2011

I have developed a project including many pages. But the initial page is HTML , not an aspx page. I want to set the session("language") at this page first. (user can change the language later in the forms)

View 2 Replies

Handle Facebook Session Expiration?

Jan 27, 2010

am a ASP.NET developer using Facebook Developer Toolkit to develop a facebook flash application with flash developer.When the user plays the game for a certain period of time, there are chances that the facebook session expires and I can't call any Facebook API for processing as a result.

View 2 Replies

MVC :: Show Session Expiration Time To User?

Jan 5, 2011

I have a scenario in my application that I need to display session expiration time to the user. I set session expiration as 30 minutes in my application, 5 minutes before the session expiration, I need to show message to user that the session is going to expire.

How can I will do this implementation, I am using VS 2010 + MVC 2.0 + JQuery.

View 3 Replies

JQuery :: How To Handle Session Expiration In Modal Window

Jun 24, 2010

I am having an aspx page page1.aspx with a button button1. On click of button1, a modal window popup is displaying using jquery.

The modal popup is displaying another page page2.aspx . I have appended the following line in the load event of all aspx pages to handle the session expiration.So that on expiration of session, it will automaticaly redirect to sessionexpired.aspx page.

Response.AppendHeader(
"Refresh",
Convert.ToString((Session.Timeout * 60) + 10) +
";URL=SessionExpired.aspx");

View 6 Replies

State Management :: Session Gets Lost When Set Session Response.cookie

Jan 25, 2011

I need to make my asp.net session cookie as secure but whenever i check user authentication and after that i am trying to set cookie to true then my session lost my user information and so it always redirect login page. I am settings user to HttpContext.Current.Session["user"] and check every time, is user is valid and if valid then move ahead. but before that i make my asp.net session cookie as true.

[Code]....

but after that i observe that somehow "Session_Start" event gets called.

View 1 Replies

Security :: How To Redirect The User Automatically To Login Page After Session Expiration

Mar 10, 2010

How i redirect the page to Login page automatically if session Expires .

View 7 Replies

MVC :: Error Reading Cookie With Associated Path

Nov 19, 2010

I'm seeing some weird behavior within MVC 2 in regard to reading cookies. I write a cookie and specify a path. I intermittently see a null value returned for this cookie within my MVC application. I've verified throug Firebug that the browser is sending along the cookie in the request headers. When debugging, I can see the cookie in the headers (i.e.) Request.Headers["cookies"] but when trying to access the cookies collection, it's null (Request.Cookies["mykey"].

I'm using the AsyncController. Since this the issue is intermitent, is it possible there is a race condition?

View 1 Replies

Mix Cookieless With Cookie Session Stored Session Data?

Mar 19, 2011

Is it possible to use mixed cookieless sessions with cookie sessions? I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible? [URL] redirects to [URL] Note: the session Id in the latter url. So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.

View 1 Replies

Safe To Use Request.ApplicationPath For Cookie Path

Mar 25, 2010

Is it safe to use such code?

Response.Cookies[cookieName].Path = Request.ApplicationPath + "/";

I want to know about all corner cases.

View 3 Replies

Authentication Cookie Timout And IIS 7 Setting?

Jun 11, 2010

I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.

However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing"Frustrating answer indeed... be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting?

View 1 Replies

Why Is Cookie Available In Request Immediately After Setting Using Response

Aug 4, 2010

In pageload, if you do Response.Cookies.Add(..., immediately in the next line, you can access that cookie via Request.Cookies(... I know that under the covers, the cookie is added to Request.Cookies by .net, but the original request never had that cookie.

If what I'm saying is correct, why is it this way? Shouldn't the cookie be available in the following request? Shouldn't the immediate access to Request.Cookies(... be null?

View 1 Replies

Is It Possible To Serve An ASPX Page Without It Setting A Cookie On Browser

Jun 17, 2010

we're in the process of trying to speed up the performance of our website by serving static content from a cookieless domain. That seems to be going well, but I have a new question:

I know that it's "static content" that we're talking about when serving it from a cookieless domain, but we also have static content being served by ASPX pages, specifically images. For example:

domain.com/resizeImages.aspx?src=images/image123.jpg&width=400&height=400

How can I serve the resizeImages.aspx image without ASP.NET setting a cookie on my browser? (At present it sets an ASPXANONYMOUS cookie.)

View 1 Replies

Setting Auth Cookie Timeout Length Based On Role?

May 18, 2010

I want to allow admins to be logged in for longer than normal users. I don't see a hook for setting the cookie timeout programmatically or in a role-based way. Is this possible in ASP using Forms Authentication?

View 2 Replies

State Management :: To Prevent The Server From Setting Cookie On The Client Machine?

Sep 2, 2010

I have deployed a Web application on IIS 6. I want to prevent my server from setting cookie on the client browser. I am using the following setting on the web.config file.

< sessionState
mode="InProc"
cookieless="false" [code]....

However, it looks like its creating a default cookie named ".ASPXAUTH" in the client machine. I dont want my application to create any sort of cookie.Is there anything specific I need to do in web.config?

View 3 Replies

State Management :: Session State Expiration After Application Pool Recycle?

Nov 1, 2010

All we have a global ships position tracking website which runs smoothly until IIS application pool recycles.When there is workerprocess recycling looks like session state expires as a result i loose all session data and when customer clicks refresh button he is redirected to login page.

In web.config Session state mode is set to InProc so i changed it to State Server but to my luck i have MAP object which is not serialiazable which is causing the maps from not appearing on the website.I tried adding serializable attribute to the object class but still not succesfull.Our website is accessed by our customers whose count is more than 1000.

Changing the session state mode from InProc to StateServer can really slow down the response time so
Is it good to go further fix the serailizable issues and move to state server?.

Is there any way I can retain my session data when application pool recyles?..

Stopping Application pool from recycling may not be a good idea considering health factor of web server.

View 8 Replies

MVC :: How To Use Session And Cookie

Sep 27, 2010

in asp.net mvc, how to use session and cookie ?

I am trying to understand how a login session stored and implemented.

View 1 Replies

Set Cookie To Expire At End Of Session?

Sep 17, 2010

I'm surprised i couldnt find any answers.

How do i set my sessionid in my cookie to expire at the end of session? (when the browser closes or the user has been inactive for a period of tie).

The two solutions i found were

(httpcookie).Expires = HttpContext.Current.Session.Timeout

Which gave me a compile error so i dont know if the user checked his code before posting. And the other was to set the expire date to 1 day ago which my gut says is wrong. How do i do this?

View 2 Replies

Get A Session / Cookie From Another Domain?

Jan 19, 2010

I've got a session/coockie from a phpbb forum. But i use in the website asp.net (the website has a different url and domain then the forum).

Can i get the session/coockie from the phpbb forum in the asp.net website?

View 1 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved