Html - Setting Path And Expiration For Session Cookie
Mar 25, 2010
Anything I have tried didn't work. Currenly I have following code to change asp.net session cookie expiration date and path, but asp doesn't want to listen to me. I sends same cookie in Set-Cookie header two times sometimes, sometimes it sends it's default cookie ignoring path and expiration date, sometimes it sends everything as expected, and sometimes it doesn't send Set-Cookie at all. What should I do.
My code in Global.asax
protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e)
{
/// only apply session cookie persistence to requests requiring session information
if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState)
{
var sessionState = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection;
var cookieName = sessionState != null && !string.IsNullOrEmpty(sessionState.CookieName)
? sessionState.CookieName
: "ASP.NET_SessionId";
var timeout = sessionState != null
? sessionState.Timeout
: TimeSpan.FromMinutes(20);
/// Ensure ASP.NET Session Cookies are accessible throughout the subdomains.
if (Request.Cookies[cookieName] != null && Session != null && Session.SessionID != null)
{
Response.Cookies[cookieName].Value = Session.SessionID;
Response.Cookies[cookieName].Path = Request.ApplicationPath;
Response.Cookies[cookieName].Expires = DateTime.Now.Add(timeout);
}
}
}
I'm implementing the session sharing structure from this link for an ASP classic site to begin the gradual conversion process to ASP.NET. I'm trying to extend the cookie expiration time so that users do not get signed out of the site when the session expires. At the place where the cookie is created in SessionPage.cs I've added the line in the CreateNewSessionCookie() method: cookie.Expires = DateTime.Now.AddDays(14);
Now this works fine, however, it only works if the user first visits an ASP.NET page, and then visits the ASP classic pages. It doesn't work if visiting an ASP classic page first (looking at the cookie through firefox confirms that different expiration values are given based on if I visit an ASP or ASP.NET page first.) I'm still a bit fuzzy on the mechanics behind this implementation as I don't have a complete understanding of session and cookie handling. However, I would have thought that the VB6 SessionMgr object is calling the SessionUtility DLL, and thus is using the same code to issue the cookie. I have re-registered the SessionUtility using gacutil, and re-exposed it using regasm. How else is the cookie being issued when a user accesses an ASP classic page? How can I change the expiration time?
I want a specific session variable (in my case Session["level"]) to expire either on the normal 20 min. timer or at 19:30 every day. Because I change a value in my database everyday at 19:30 and I want this session variable to be related to that value. Is this possible?
I tried <%= request.cookies("cookiename").expires %> but thats a no go. Tried adding .tostring, no go. what am I to do? Has to be something simple I am missing here.
we have a web based application that let users register, activate their account and then login to use the app...
it is very important that accounts must not be used simultaneously, so if user a is logged in using mynameisA/mypassword, no one else can login at the same time using the same credentials, until he logout.
this was achieved by using a cache mechanism that inserts an entry specific to that user and will keep on refreshing at each request, until the user logouts, where we remove that cache entry. on login, we check whether that cache entry is there in order to allow him in or throw a message saying that the user is already logged in... we use enterprise library 5.0 which we found more reliable than the asp.net cache, and for various other practical reasons.
now, this works fine, but the problem is that it seems like the authentication ticket and cookie doesnt slide properly at each request. so sometimes, users end up logged out because their authentication ticket got expired, and they cannot login again because the cache entry is still there.
here is the code in the sign-in page:
' if user credentials are valid, and other checks and validations...
[Code]....
here is the code that runs on every authenticated request (httpmodule):
[Code]....
and here is the web.config stuff:
[Code]....
we've done all kind of tests including metabase IIS6 monitoring. there is no apppool recycle happening...
checking the authentication cookie in firefox view cookies option shows that on each request, the expiration time of the authentication cookie is not sliding.
i'm creating a cookie with an expiration of 12 hours from now. when i run my solution locally and go into C:Users..AppDataLocalMicrosoftWindowsTemporary Internet Files and look at the expires property of my cookie the date and time are correct. However, when I deploy this to our web server and go to the website i notice the cookie that got created for it has an expiration date of 2 years from now, minus a day. So the cookie should be set to expire on 12/29/2010 8:00 PM for example instead shows 12/28/2012 8:00 PM. Here's the code i'm using to create the cookie, pretty basic. And yes, the date on the web server is correct. I really want the cookie to expire in 12 hours, not 2 years.
I have developed a project including many pages. But the initial page is HTML , not an aspx page. I want to set the session("language") at this page first. (user can change the language later in the forms)
am a ASP.NET developer using Facebook Developer Toolkit to develop a facebook flash application with flash developer.When the user plays the game for a certain period of time, there are chances that the facebook session expires and I can't call any Facebook API for processing as a result.
I have a scenario in my application that I need to display session expiration time to the user. I set session expiration as 30 minutes in my application, 5 minutes before the session expiration, I need to show message to user that the session is going to expire.
How can I will do this implementation, I am using VS 2010 + MVC 2.0 + JQuery.
I am having an aspx page page1.aspx with a button button1. On click of button1, a modal window popup is displaying using jquery.
The modal popup is displaying another page page2.aspx . I have appended the following line in the load event of all aspx pages to handle the session expiration.So that on expiration of session, it will automaticaly redirect to sessionexpired.aspx page.
I need to make my asp.net session cookie as secure but whenever i check user authentication and after that i am trying to set cookie to true then my session lost my user information and so it always redirect login page. I am settings user to HttpContext.Current.Session["user"] and check every time, is user is valid and if valid then move ahead. but before that i make my asp.net session cookie as true.
[Code]....
but after that i observe that somehow "Session_Start" event gets called.
I'm seeing some weird behavior within MVC 2 in regard to reading cookies. I write a cookie and specify a path. I intermittently see a null value returned for this cookie within my MVC application. I've verified throug Firebug that the browser is sending along the cookie in the request headers. When debugging, I can see the cookie in the headers (i.e.) Request.Headers["cookies"] but when trying to access the cookies collection, it's null (Request.Cookies["mykey"].
I'm using the AsyncController. Since this the issue is intermitent, is it possible there is a race condition?
Is it possible to use mixed cookieless sessions with cookie sessions? I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible? [URL] redirects to [URL] Note: the session Id in the latter url. So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.
I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.
However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing"Frustrating answer indeed... be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting?
In pageload, if you do Response.Cookies.Add(..., immediately in the next line, you can access that cookie via Request.Cookies(... I know that under the covers, the cookie is added to Request.Cookies by .net, but the original request never had that cookie.
If what I'm saying is correct, why is it this way? Shouldn't the cookie be available in the following request? Shouldn't the immediate access to Request.Cookies(... be null?
we're in the process of trying to speed up the performance of our website by serving static content from a cookieless domain. That seems to be going well, but I have a new question:
I know that it's "static content" that we're talking about when serving it from a cookieless domain, but we also have static content being served by ASPX pages, specifically images. For example:
I want to allow admins to be logged in for longer than normal users. I don't see a hook for setting the cookie timeout programmatically or in a role-based way. Is this possible in ASP using Forms Authentication?
I have deployed a Web application on IIS 6. I want to prevent my server from setting cookie on the client browser. I am using the following setting on the web.config file.
However, it looks like its creating a default cookie named ".ASPXAUTH" in the client machine. I dont want my application to create any sort of cookie.Is there anything specific I need to do in web.config?
All we have a global ships position tracking website which runs smoothly until IIS application pool recycles.When there is workerprocess recycling looks like session state expires as a result i loose all session data and when customer clicks refresh button he is redirected to login page.
In web.config Session state mode is set to InProc so i changed it to State Server but to my luck i have MAP object which is not serialiazable which is causing the maps from not appearing on the website.I tried adding serializable attribute to the object class but still not succesfull.Our website is accessed by our customers whose count is more than 1000.
Changing the session state mode from InProc to StateServer can really slow down the response time so Is it good to go further fix the serailizable issues and move to state server?.
Is there any way I can retain my session data when application pool recyles?..
Stopping Application pool from recycling may not be a good idea considering health factor of web server.
Which gave me a compile error so i dont know if the user checked his code before posting. And the other was to set the expire date to 1 day ago which my gut says is wrong. How do i do this?