This question already has answers here:
Cross-Domain Cookies
(17 answers)
Closed 7 years ago.
I am trying to set a cookie for domain b.com, but the page which is setting the cookie is on a.com
the code is as below
HttpCookie myCookie = new HttpCookie("UserSettings");
myCookie["Font"] = "Arial";
myCookie["Color"] = "Blue";
myCookie.Expires = DateTime.Now.AddDays(1d);
myCookie.domain = "b.com";
myCookie.path ="/";
Response.Cookies.Add(myCookie);
I'm pretty sure this part of the code is working as I am able to do a request.cookies to get the values. However, it is not really set on my browser. When I open a browser (such as Chrome and Firefox) and view all the cookies, then search for domain "b.com", nothing is found! Is the cookie is not really set? I tried all night to figure this out but I can't. What am I doing wrong?
As stated in this question, there is no way to create a cookie for a different domain. If it's possible for you, you could work your way with redirections from domain to domain to set the cookies.
Related
This is one of those dumb questions. The answer should be simple, but it doesn't seem to be working. Anyone have any ideas where else for me to look for some rep?
I'm adding a cookie on a button click
var impersonationCookie = new HttpCookie("UserImp_ImpAuid");
impersonationCookie.Value = Encode64(auidToImpersonate);
impersonationCookie.Expires = DateTime.Now.AddDays(1d);
impersonationCookie.Path = "/";
Page.Response.Cookies.Add(impersonationCookie);
I'm expiring a cookie and clearing the value on a page_load
HttpCookie currentUserCookie = HttpContext.Current.Request.Cookies["UserImp_ImpAuid"];
HttpContext.Current.Response.Cookies.Remove("UserImp_ImpAuid");
currentUserCookie.Expires = DateTime.Now.AddDays(-10);
currentUserCookie.Value = null;
HttpContext.Current.Response.SetCookie(currentUserCookie);
Chrome (v 69) still shows the cookie with the value MDAwMDM5OTk2 and with an expiration date of When the browsing session ends.
I've tried plenty of variations from other questions
Delete a cookie on signing out
How to delete a cookie from .net
How to delete cookies on an asp.net website
As mentioned in the comment, This could be because chrome setting "Continue where you left off".
You can cross check in a different browser.
Chrome Doesn't Delete Session Cookies
This question already has answers here:
Change a cookie value of a cookie that already exists
(3 answers)
Closed 5 years ago.
I'm trying to modify the value of my cookie but It doesn't modify instead it appends. What am I doing wrong?
Currently, SkillId cookie contains 112 in value, I want to update its value with whatever is in my variable qualifyBySkill.
string qualifyBySkill = "189";
HttpCookie cookie = Request.Cookies["SkillId"];
if (cookie != null)
{
cookie.Values["SkillId"] = qualifyBySkill;
}
cookie.Expires = DateTime.UtcNow.AddDays(1);
Response.Cookies.Add(cookie);
What happens is, after this code it sets 112&SkillId=189 instead of 189 in Value. What am i doing wrong?
When thinking about cookies, it's helpful to remember that cookies are created by and stored by the browser alone. They are not passed back and forth between the browser and the server.
Request.Cookies contains a list of cookie headers that the browser sent, informing the server of the existence of a subset of cookies; they are not the actual cookies, and in fact lack much of the information contained in normal cookie record (e.g. domain and path).
Response.Cookies contains only set-cookie headers, asking the browser to create a cookie. This list is usually empty.
To change a cookie on the browser, the server must set a new cookie header. The important word being new.
string qualifyBySkill = "189";
var cookie = new HttpCookie("SkillId", qualifyBySkill);
cookie.Expires = DateTime.UtcNow.AddDays(1);
Response.Cookies.Add(cookie);
I am having a problem with my asp.net web application and Chrome. When I close my Chrome browser window, it does not clear out cookies. This means that if I log into my web application using forms authentication, and then close and reopen the browser window, it shows I am still logged in!
I read that this may be a Chrome bug, but there must be some way around it.
I found this post and would like to run the following code from it when the browser window is closed:
FormsAuthentication.SignOut();
Session.Abandon();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
// clear session cookie (not necessary for your current problem but i would recommend you do it anyway)
HttpCookie cookie2 = new HttpCookie("ASP.NET_SessionId", "");
cookie2.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie2);
My question is, is there a browser closed event handler that I can specify somewhere in my code? Perhaps Application_End in the Global.aspx file? Or is that not what it is meant for?
Or is there another way to solve this issue?
Thank you.
Here is what my code looks like:
private void Login_Click(Object sender, EventArgs e)
{
// Create a custom FormsAuthenticationTicket containing
// application specific data for the user.
string username = UserNameTextBox.Text;
string password = UserPassTextBox.Text;
bool isPersistent = false;
if (Membership.ValidateUser(username, password))
{
string userData = "ApplicationSpecific data for this user.";
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(30),
isPersistent,
userData,
FormsAuthentication.FormsCookiePath);
// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);
// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
// Redirect back to original URL.
Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));
}
else
{
Msg.Text = "Login failed. Please check your user name and password and try again.";
}
}
Only replace isPersistent with the value of checkbox.Checked which is false by default.
EDIT:
Another annoying thing which is what may be going on is from [this] link where the top answer says:
It also matters which browser you use. Chrome has the ability to run in the background, and that keeps Session Cookies around until their timeout is hit -- they are not dropped when the browser is closed (I found this out the hard way).
2
There is no browser closed handler, how could there be? Once the page is done being served the connection is closed. You have no idea if a user browses away from the site, closes the browser, or let's it sit there for a day. You would have to use client-side code to call a service to handle this and the client-side code to do this is unreliable enough to make it useless.
When you set the authentication cookie, make sure the persistent option is false.
Also, when you close your browser ensure that you are closing all browser windows. If you have multiple browser windows they will share the same cache for cookies so things like the session cookie are still alive because of this and lead you to believe the authentication is kept alive by the server when it's really the browser.
I am using c# and mvc. I am trying to write a cookie to the user browser. But after a refresh of the browser the cookie disappears.
This is my code for writing the cookie:
movieCookie = new HttpCookie(cookieName);
movieCookie.Value = "test;
movieCookie.Expires = DateTime.Now.AddDays(30);
//add the cookie
HttpContext.Current.Response.Cookies.Add(movieCookie);
and the one for reading the cookie:
//check if such cookie exist
HttpCookie movieCookie = null;
if (HttpContext.Current.Request.Cookies.AllKeys.Contains(cookieName))
movieCookie = HttpContext.Current.Request.Cookies[cookieName];
Another thing to add is that when I searched "AllKeys" like so:
HttpContext.Current.Request.Cookies.AllKeys
it shows an empty string array, for some reason.
any ideas?
Some possibly silly questions
Check your web-servers time and date, are they set correctly, if they are (in your case) 2 years out it will expire cookies immediately.
Check that cookieName is the same
Check that after setting the cookie to the response your not redirecting before the cookie is set. For a cookie to be set you need to set headers and push them out.
I solved it. It appears that in MVC the "return view" after the cookie creation, cause the cookie not to be saved.
I'm trying to delete a cookie but somehow it is not getting deleted in IE 8
This is the code i'm using
HttpCookie userCookie = Request.Cookies[cookieName];
if (userCookie != null)
{
userCookie.Expires = DateTime.Now.AddDays(-1);
if (!string.IsNullOrEmpty(cookieDomain))
userCookie.Domain = cookieDomain;
Response.Cookies.Add(userCookie);
}
It is working fine in firfox and chrome .
Suppose the name of the cookie is testcookie. We created this cookie from xyz.com and we set the domain of the cookie as ".xyz.com". Now we are deleting or expiring this cookie from subdomain.xyz.com. We are deleting the cookie with the code we have mentioned above.
Check your cookies. You may have two cookies called "testcookie" or whatever. This has happened to me before and caused a lot of pain. You can check quickly by typing javascript:alert(document.cookie) into the address bar.
If you have got duplicate cookies delete all your cookies and start testing again. I.e. setting your testcookie, then on another request try expiring it again how you were before.