
I have a Web Server:

Windows Server 2008 R2 X64

IIS version : 7.5.7600.16385

The .NET version installed on our machine (we checked using this link) is: 4.7 (460805)

Our website has been developed on .net 4.7 and MVC 5 and we use ASP.NET Forms Authentication to authenticate our clients.

When the login page loads, we write a simple test cookie:

    HttpCookie cookie = new HttpCookie("test", "123");
    cookie.Expires = DateTime.UtcNow.AddYears(1);
    Response.Cookies.Add(cookie);

When the user clicks the login button, we read that cookie and count all cookies:

    if (Request.Cookies["test"] == null)
    {
        // The test cookie did not come back: log every cookie the browser did send.
        if (Request.Cookies.Count > 0)
        {
            for (int i = 0; i < Request.Cookies.Count; i++)
                Loger.PointLoger.LogIt("Cookies:" + Request.Cookies[i].Name
                    + "   Value: " + Request.Cookies[i].Value);
        }

        HttpBrowserCapabilitiesBase bc = Request.Browser;
        ... // Some codes to log
    }

This way we can be sure that writing cookies is enabled and we can write our authentication cookie. If we cannot read that test cookie, we redirect the user to another page and ....

Some of our users reported that they cannot log in to our website, and our server logs show that we cannot write the cookie on their devices; the important thing is that writing cookies is enabled on their devices.

After doing some tests we found that writing cookies is random or something like that: one time it's OK and another time it's not.

With this code we collected some information about our users:

    HttpBrowserCapabilitiesBase bc = Request.Browser;
    ...
    "IsMobileDevice:" + bc.IsMobileDevice
    "-Browser:" + bc.Browser
    ...

For example :

Cookies.Count: 2

Cookies:_ga   Value: GA1.2.163980100.1507000247
Cookies:_gid   Value: GA1.2.1373100693.1518900032

 IsMobileDevice:True
-Browser:Chrome
-Beta:False
-Platform:Unknown
-Type:Chrome47
-Version:47.0
-MobileDeviceModel:Unknown
-MobileDeviceManufacturer:Unknown
-GatewayMajorVersion:0
-MinorVersion:0
-MinorVersionString:0
-MajorVersion:47
-GatewayVersion:None
-Id:chrome
-HasBackButton:True
-Cookies:True
-ClrVersion: 0.0
-InputType:keyboard

Why have these cookies (_gid and _ga) been written but our test cookie not?

I read some posts like :

Asp.Net Forms Authentication when using iPhone UIWebView

ASP MVC Cookies not persisting

C# Login code not work on safari

Strange problem with cookies in Safari and Asp.net

Now the question is: IS THAT A BUG IN .NET 7? IF YES, WHAT IS THE SOLUTION?

I paste here some code from our project, and for security I replaced some parts with ".....":

On Web.config:

    <authentication mode="Forms">
      <forms domain=".mysite.com" name="abc" cookieless="UseCookies"
        enableCrossAppRedirects="true" loginUrl="/Accounts/Login"
        timeout="2880" requireSSL="false" path="/" />
    </authentication>

    <machineKey compatibilityMode="Framework45" validationKey="C121487......"
      decryptionKey="7E43716E4C97....." validation="SHA1" decryption="AES" />

    <sessionState mode="InProc" customProvider="DefaultSessionProvider" cookieless="UseCookies" cookieName="debnf">
      <providers>
        <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf38...." connectionStringName="DefaultConnection" />
      </providers>
    </sessionState>

In App_Browsers :

    <browsers>
      <browser refID="Default">
        <capabilities>
          <capability name="cookies" value="true" />
        </capabilities>
      </browser>
    </browsers>

UPDATE:

This is my main code:

I write this test cookie here:

    public ActionResult Login()
    {
        HttpCookie cookie = new HttpCookie("test", "123");
        cookie.Expires = DateTime.UtcNow.AddHours(1);
        Response.Cookies.Add(cookie);
        return View();
    }

and when the user clicks login I check that cookie here:

    [HttpPost]
    public ActionResult Login(LoginModel loginModel)
    {
        if (Request.Cookies["test"] == null)
        {
            .....
        }
    }
  • Per How to: Write a Cookie: You must create cookies before the ASP.NET page is rendered to the client. For example, you can write a cookie in a Page_Load event handler but not in a Page_Unload event handler. Also, there is some weird behavior (if I recall correctly) where you write a cookie and it won't actually be posted back to the server until the following request. Tip: That request may be an image or AJAX on the same page. I suggest you study the docs carefully - it takes some work to get cookies to function right. Commented Feb 18, 2018 at 16:20
  • nightowl888, thanks for your interest, but if we write the cookie in the wrong place, why are some users OK and have no problem? Commented Feb 18, 2018 at 16:25
  • Did you change the code on the server? Users may have an old cookie that still works, while others are new and didn't get a cookie before the server code changed. Have clients delete cookies and try again. Commented Feb 18, 2018 at 16:31
  • @motevalizadeh - I suspect because those users have visited the site before and have the cookie, but those who load the page straight away don't send the cookie back to the server. Also, cookies can be not supported by browsers, disabled by users, or blocked by firewalls. MS has official documentation about Determining Whether a Browser Accepts Cookies. Note the redirect to get it to function by making a second request to the server. Commented Feb 18, 2018 at 17:04
  • @motevalizadeh - The cookie code is really old and very unlikely to be changing between versions at this point. It makes no difference which .NET Framework you use. If there is a bug, it is most likely with your code. Like I said, it takes some work to develop a good solution for detecting cookie support. I suggest you use MS's working example as a starting point and then experiment with finding a way to make your login cookie check work. If all else fails, make your login page write a cookie and then redirect to itself with a query parameter to stop it from redirecting in a loop. Commented Feb 18, 2018 at 18:31
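
The write-then-redirect check suggested in the last comment, sketched as an added example for an MVC 5 controller; it is not code from the original thread. The controller name follows the `loginUrl` in the question's Web.config, while the `cookiecheck` query parameter and the `CookiesRequired` view are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

public class AccountsController : Controller
{
    private const string ProbeCookie = "test";       // cookie name used in the question
    private const string ProbeFlag = "cookiecheck";  // hypothetical query parameter

    [HttpGet]
    public ActionResult Login()
    {
        // The browser returned the probe: cookies work for this client.
        if (Request.Cookies[ProbeCookie] != null)
        {
            return View();
        }

        bool alreadyProbed = Request.QueryString[ProbeFlag] == "1";
        if (!alreadyProbed)
        {
            // First request: set the probe and force a second request so the
            // browser has a chance to send it back. The flag in the query
            // string prevents an endless redirect loop.
            var probe = new HttpCookie(ProbeCookie, "123")
            {
                Expires = DateTime.UtcNow.AddHours(1),
                HttpOnly = true,  // the probe is never read by script
                Path = "/"
            };
            Response.Cookies.Add(probe);

            return RedirectToAction(
                "Login", new RouteValueDictionary { { ProbeFlag, "1" } });
        }

        // Second request arrived without the probe: the client did not keep
        // or did not return the cookie, so tell the user instead of looping.
        return View("CookiesRequired"); // hypothetical view name
    }
}
```

With this flow the POST action no longer has to infer cookie support from a cookie written on the same page load; the check is finished before the login form is rendered.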
