Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Cookies Expiring due to different time zones.

Reply
Thread Tools

Cookies Expiring due to different time zones.

 
 
Omer
Guest
Posts: n/a
 
      12-08-2006
hi Everyone,
I am using ASP.Net 2.0. When user logins, I check the credential and
then made the cookie. My hoster's server is in Arizona region and I am
in Pakistan. I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.
This makes sense as probably cookie timing is not matching. Dilemma is
that many users at home do not have correct time and probably thats
why, everyday we get 4-5 mails at support maintaining that they are
unable to login. Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
this.loginUser1.RememberMeSet, userData);

string cookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
if (this.loginUser1.RememberMeSet)
{
cookie.Expires = ticket.Expiration;
}

cookie.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(cookie);

And this is what I am doing in Global.asax's
Application_AuthenticateRequest function,

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationT ype ==
"Forms")
{
System.Web.Security.FormsIdentity id;
id =
(System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;
string[] userData = id.Ticket.UserData.Split(new
string[] { "," },

StringSplitOptions.RemoveEmptyEntries);

HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id, userData);
}
}

Bye,
Omer

 
Reply With Quote
 
 
 
 
Omer
Guest
Posts: n/a
 
      12-08-2006
Hi Guys,
I will really appreciate, if someone can give me some guidance.
Bye,
Omer.
Omer wrote:
> hi Everyone,
> I am using ASP.Net 2.0. When user logins, I check the credential and
> then made the cookie. My hoster's server is in Arizona region and I am
> in Pakistan. I set cookie's expiration time as 4 hours. It works
> perfectly fine on my PC and many other PCs which have correct time.
> But, if I set date to some old date, user is simply unable to login.
> This makes sense as probably cookie timing is not matching. Dilemma is
> that many users at home do not have correct time and probably thats
> why, everyday we get 4-5 mails at support maintaining that they are
> unable to login. Can you please tell me what I can do to resolve this
> issue. This is the code I am using to create the ticket,
>
> FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
> this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
> this.loginUser1.RememberMeSet, userData);
>
> string cookieStr = FormsAuthentication.Encrypt(ticket);
> HttpCookie cookie = new
> HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
> if (this.loginUser1.RememberMeSet)
> {
> cookie.Expires = ticket.Expiration;
> }
>
> cookie.Path = FormsAuthentication.FormsCookiePath;
> Response.Cookies.Add(cookie);
>
> And this is what I am doing in Global.asax's
> Application_AuthenticateRequest function,
>
> if (!(HttpContext.Current.User == null))
> {
> if (HttpContext.Current.User.Identity.AuthenticationT ype ==
> "Forms")
> {
> System.Web.Security.FormsIdentity id;
> id =
> (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;
> string[] userData = id.Ticket.UserData.Split(new
> string[] { "," },
>
> StringSplitOptions.RemoveEmptyEntries);
>
> HttpContext.Current.User = new
> System.Security.Principal.GenericPrincipal(id, userData);
> }
> }
>
> Bye,
> Omer


 
Reply With Quote
 
 
 
 
Juan T. Llibre
Guest
Posts: n/a
 
      12-08-2006
re:
> I set cookie's expiration time as 4 hours. It works
> perfectly fine on my PC and many other PCs which have correct time.
> But, if I set date to some old date, user is simply unable to login.


That makes sense, given that users should not
remain authenticated when their tickets have expired.

re:
> Can you please tell me what I can do to resolve this
> issue. This is the code I am using to create the ticket,


Your code is fine. It works as it should.
Your problem is that you're using an extremely short time for the cookie expiration.

Is there any reason for you not to set the expiration to 25 hours ?
That would overlap all timezones, eliminating the problem.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaņol : http://asp.net.do/foros/
===================================
"Omer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> hi Everyone,
> I am using ASP.Net 2.0. When user logins, I check the credential and
> then made the cookie. My hoster's server is in Arizona region and I am
> in Pakistan. I set cookie's expiration time as 4 hours. It works
> perfectly fine on my PC and many other PCs which have correct time.
> But, if I set date to some old date, user is simply unable to login.
> This makes sense as probably cookie timing is not matching. Dilemma is
> that many users at home do not have correct time and probably thats
> why, everyday we get 4-5 mails at support maintaining that they are
> unable to login. Can you please tell me what I can do to resolve this
> issue. This is the code I am using to create the ticket,
>
> FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
> this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
> this.loginUser1.RememberMeSet, userData);
>
> string cookieStr = FormsAuthentication.Encrypt(ticket);
> HttpCookie cookie = new
> HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
> if (this.loginUser1.RememberMeSet)
> {
> cookie.Expires = ticket.Expiration;
> }
>
> cookie.Path = FormsAuthentication.FormsCookiePath;
> Response.Cookies.Add(cookie);
>
> And this is what I am doing in Global.asax's
> Application_AuthenticateRequest function,
>
> if (!(HttpContext.Current.User == null))
> {
> if (HttpContext.Current.User.Identity.AuthenticationT ype ==
> "Forms")
> {
> System.Web.Security.FormsIdentity id;
> id =
> (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;
> string[] userData = id.Ticket.UserData.Split(new
> string[] { "," },
>
> StringSplitOptions.RemoveEmptyEntries);
>
> HttpContext.Current.User = new
> System.Security.Principal.GenericPrincipal(id, userData);
> }
> }
>
> Bye,
> Omer
>



 
Reply With Quote
 
Omer
Guest
Posts: n/a
 
      12-08-2006
Actually its not exactly the time zone problem. Problem is that many
users in my country do not really have maintained PCs, which mean that
there is a high possibility that their PC date is not correct. My
cookie is setting time according to my server. If some one tries to
login on 8th December and his PC has the date 20th July then he is
just not able to login. Is there any way I can set cookie expiration
time according to client PC. I am showing a warning on the 'Trouble
Login Page?' but we all know that people take this as a developmnt
fault instead of thinking that this is how technology is supposed to
work. You just can't give this excuse to users

Juan T. Llibre wrote:
> re:
> > I set cookie's expiration time as 4 hours. It works
> > perfectly fine on my PC and many other PCs which have correct time.
> > But, if I set date to some old date, user is simply unable to login.

>
> That makes sense, given that users should not
> remain authenticated when their tickets have expired.
>
> re:
> > Can you please tell me what I can do to resolve this
> > issue. This is the code I am using to create the ticket,

>
> Your code is fine. It works as it should.
> Your problem is that you're using an extremely short time for the cookie expiration.
>
> Is there any reason for you not to set the expiration to 25 hours ?
> That would overlap all timezones, eliminating the problem.
>
>
>
>
> Juan T. Llibre, asp.net MVP
> asp.net faq : http://asp.net.do/faq/
> foros de asp.net, en espaņol : http://asp.net.do/foros/
> ===================================
> "Omer" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > hi Everyone,
> > I am using ASP.Net 2.0. When user logins, I check the credential and
> > then made the cookie. My hoster's server is in Arizona region and I am
> > in Pakistan. I set cookie's expiration time as 4 hours. It works
> > perfectly fine on my PC and many other PCs which have correct time.
> > But, if I set date to some old date, user is simply unable to login.
> > This makes sense as probably cookie timing is not matching. Dilemma is
> > that many users at home do not have correct time and probably thats
> > why, everyday we get 4-5 mails at support maintaining that they are
> > unable to login. Can you please tell me what I can do to resolve this
> > issue. This is the code I am using to create the ticket,
> >
> > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
> > this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
> > this.loginUser1.RememberMeSet, userData);
> >
> > string cookieStr = FormsAuthentication.Encrypt(ticket);
> > HttpCookie cookie = new
> > HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
> > if (this.loginUser1.RememberMeSet)
> > {
> > cookie.Expires = ticket.Expiration;
> > }
> >
> > cookie.Path = FormsAuthentication.FormsCookiePath;
> > Response.Cookies.Add(cookie);
> >
> > And this is what I am doing in Global.asax's
> > Application_AuthenticateRequest function,
> >
> > if (!(HttpContext.Current.User == null))
> > {
> > if (HttpContext.Current.User.Identity.AuthenticationT ype ==
> > "Forms")
> > {
> > System.Web.Security.FormsIdentity id;
> > id =
> > (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;
> > string[] userData = id.Ticket.UserData.Split(new
> > string[] { "," },
> >
> > StringSplitOptions.RemoveEmptyEntries);
> >
> > HttpContext.Current.User = new
> > System.Security.Principal.GenericPrincipal(id, userData);
> > }
> > }
> >
> > Bye,
> > Omer
> >


 
Reply With Quote
 
Hans Kesting
Guest
Posts: n/a
 
      12-08-2006
> Actually its not exactly the time zone problem. Problem is that many
> users in my country do not really have maintained PCs, which mean that
> there is a high possibility that their PC date is not correct. My
> cookie is setting time according to my server. If some one tries to
> login on 8th December and his PC has the date 20th July then he is
> just not able to login. Is there any way I can set cookie expiration
> time according to client PC. I am showing a warning on the 'Trouble
> Login Page?' but we all know that people take this as a developmnt
> fault instead of thinking that this is how technology is supposed to
> work. You just can't give this excuse to users
>


Maybe this:
on the login page, add some javascript function that automatically
fills some hidden input with the current date/time, as reported by the
client PC. Use this date as the basis for your cookie timeout (as an
absolute expiry date).

Hans Kesting


 
Reply With Quote
 
Juan T. Llibre
Guest
Posts: n/a
 
      12-08-2006
re:
> Problem is that many sers in my country do not really have maintained PCs,
> which mean that there is a high possibility that their PC date is not correct.


You cannot program to cover all people's stupidities.

re:
> Is there any way I can set cookie expiration time according to client PC.


1. set the cookie with javascript in your aspx login page
2. post to your aspx login, sending the cookie's date in a hidden field
3. read the cookie's date/time (in the hidden field) before logging in the user
4. set the aspx login cookie using the date/time in the hidden field

That might get tricky, though.

re:
> we all know that people take this as a developmnt fault instead of thinking that
> this is how technology is supposed to work. You just can't give this excuse to users


That's not an excuse. Educate your users.
Telling your users that the site needs their clocks set to the correct date is OK.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en espaņol : http://asp.net.do/foros/
===================================
"Omer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
Actually its not exactly the time zone problem. Problem is that many
users in my country do not really have maintained PCs, which mean that
there is a high possibility that their PC date is not correct. My
cookie is setting time according to my server. If some one tries to
login on 8th December and his PC has the date 20th July then he is
just not able to login. Is there any way I can set cookie expiration
time according to client PC. I am showing a warning on the 'Trouble
Login Page?' but we all know that people take this as a developmnt
fault instead of thinking that this is how technology is supposed to
work. You just can't give this excuse to users

Juan T. Llibre wrote:
> re:
> > I set cookie's expiration time as 4 hours. It works
> > perfectly fine on my PC and many other PCs which have correct time.
> > But, if I set date to some old date, user is simply unable to login.

>
> That makes sense, given that users should not
> remain authenticated when their tickets have expired.
>
> re:
> > Can you please tell me what I can do to resolve this
> > issue. This is the code I am using to create the ticket,

>
> Your code is fine. It works as it should.
> Your problem is that you're using an extremely short time for the cookie expiration.
>
> Is there any reason for you not to set the expiration to 25 hours ?
> That would overlap all timezones, eliminating the problem.
>
>
>
>
> Juan T. Llibre, asp.net MVP
> asp.net faq : http://asp.net.do/faq/
> foros de asp.net, en espaņol : http://asp.net.do/foros/
> ===================================
> "Omer" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> > hi Everyone,
> > I am using ASP.Net 2.0. When user logins, I check the credential and
> > then made the cookie. My hoster's server is in Arizona region and I am
> > in Pakistan. I set cookie's expiration time as 4 hours. It works
> > perfectly fine on my PC and many other PCs which have correct time.
> > But, if I set date to some old date, user is simply unable to login.
> > This makes sense as probably cookie timing is not matching. Dilemma is
> > that many users at home do not have correct time and probably thats
> > why, everyday we get 4-5 mails at support maintaining that they are
> > unable to login. Can you please tell me what I can do to resolve this
> > issue. This is the code I am using to create the ticket,
> >
> > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
> > this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
> > this.loginUser1.RememberMeSet, userData);
> >
> > string cookieStr = FormsAuthentication.Encrypt(ticket);
> > HttpCookie cookie = new
> > HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
> > if (this.loginUser1.RememberMeSet)
> > {
> > cookie.Expires = ticket.Expiration;
> > }
> >
> > cookie.Path = FormsAuthentication.FormsCookiePath;
> > Response.Cookies.Add(cookie);
> >
> > And this is what I am doing in Global.asax's
> > Application_AuthenticateRequest function,
> >
> > if (!(HttpContext.Current.User == null))
> > {
> > if (HttpContext.Current.User.Identity.AuthenticationT ype ==
> > "Forms")
> > {
> > System.Web.Security.FormsIdentity id;
> > id =
> > (System.Web.Security.FormsIdentity)HttpContext.Cur rent.User.Identity;
> > string[] userData = id.Ticket.UserData.Split(new
> > string[] { "," },
> >
> > StringSplitOptions.RemoveEmptyEntries);
> >
> > HttpContext.Current.User = new
> > System.Security.Principal.GenericPrincipal(id, userData);
> > }
> > }
> >
> > Bye,
> > Omer
> >



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Give Request.Cookies and Response.Cookies is there any reason to use another method to use cookies? _Who ASP .Net 7 09-18-2008 07:49 PM
How to due with "warning LNK4075: ignoring '/INCREMENTAL' due to Fresh C++ 2 04-22-2008 09:03 PM
Cookies expiring when user logs out? Steve ASP .Net Security 6 07-06-2007 12:58 AM
Forms authentication cookies not expiring... pv_kannan@yahoo.com ASP .Net 2 08-30-2005 09:24 AM
Expiring cookies Jim Kelly ASP .Net 3 08-05-2003 03:00 AM



Advertisments