2

We try to implement ASP.Net Forms Authentication.

Everything works in our Development environment/server. But when we released to Production, we noticed that the cookies don't work properly in FireFox and Chrome. IE11 and Safari (Mac OSX) do work.

When I view the 'Cookies set by this page' (Chrome), I can see the cookie (both in Development as well as Production environment)

But when I check the development tools (Chrome) there is no Cookie on when I test on Production, but there is a Cookie when I test on Development.

When I do a request to check 'Context.User.Identity.IsAuthenticated', the Production environment returns false, while the development environment returns true.

The code is identical on the 2 servers:

protected void Page_Load(object sender, EventArgs e)
    {
        this.StatusLabel.Text = "Authorized : " + Context.User.Identity.IsAuthenticated.ToString();
    }

    protected void SetCookieButton_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SetAuthCookie("TESTER", true);
    }

    protected void DeleteCookieButton_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();
    }

    protected void AuthorizedRequiredButton_Click(object sender, EventArgs e)
    {
        if (Context.User.Identity.IsAuthenticated)
            this.StatusLabel.Text = "SUCCESS!!" + User.Identity.Name;
        else
            this.StatusLabel.Text = "NOT AUTHORIZED!";
    }

    protected void AuthorizedNotRequiredButton_Click(object sender, EventArgs e)
    {
        this.StatusLabel.Text = "SUCCESS!!";
    }

And so is the Web.config

<authentication mode="Forms">
      <forms name="TestingSession" cookieless="UseCookies" protection="All" timeout="30" ></forms>
    </authentication>

Why is this not working in Chrome and FireFox in my Production environment, when it does work in IE11 and Safari (on Mac OSX).

And why does it work in all the browsers I tested with in my Development environment? Is it an IIS setting? Server issue? Or am I missing something else.

I hope someone can help me out.

EDIT: 03-03-2014

After some more testing I noticed the Response Header Date is wrong.

It is always: Tue, 21 Oct 2014 18:04:35 GMT

The date does not change when the page is called again or in another browser.

This means the Cookie is already expired when it is returned to the browser?

I already checked IIS7 for custom headers, but found none.

We also reset the Http Service on the server but still no luck.

Improve this question
8
  • Could you make sure Dev and Pro both have same web.config setting (except connection strings) and same .Net Framework ? Commented Feb 28, 2014 at 16:36
  • Web.config and .Net Framework are the same. Almost everything on the 2 servers is the same, except for database content. I start it think that it has to be a setting somewhere. Commented Mar 3, 2014 at 8:03
  • "This means the Cookie is already expired when it is returned to the browser" - the date you have there is ahead of time so why would that expire the cookie? Commented Mar 3, 2014 at 14:07
  • @James I wasn't sure about that myself. I changed the timeout in the Web.config to a high value (3000000). This worked. The cookie, and ASP.NET Forms Authentication, were working as expected. But I obviously don't want the timeout to be this long. Commented Mar 3, 2014 at 14:30
  • Which version of ASP.NET are you using? 30 should be more than enough, that's 30 minutes. Commented Mar 3, 2014 at 14:32

2 Answers 2

Reset to default
2

We solved the issue by restarting the server.

After some more research we found that the Response Header Date was the same date as a previous issue we had.

A few months ago we added some more RAM to the server. After that, the server date was set in the future (21 oct. 2014). We noticed that issue very fast and set the date back to to actual date.

We never preformed a restart of the server at that point. It seems that the Date returned in the Response Headers did require a restart.

Steps we took to resolve this issue.

  • Make sure the Server date is the actual date.
  • Reset the HTTP Service on the Server.
  • Restart the Server.

I hope this helps others with the same issue.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Were you able to identify the root cause? This solves the problem for sure.
0

For anybody landing on this page:

@Mithrodin's answer does resolve the issue but this issue can occur in future if at all there's change in DateTime on application server ever. This could be intentional or because of Daylight Saving Time effect.

This issue is specific when one use below method to set permanent cookie:

FormsAuthentication.SetAuthCookie("TESTER", true);

Solution to avoid this issue in future is pass false as second argument in above method. As cookie won't be permanent, please set appropriate timeout in FormsAuthentication tag in web.config to make it work.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.