Re: COOKIE EXPIRATION TIME

From: Scott M. (s-mar_at_nospam.nospam)
Date: 08/04/04 

Date: Wed, 4 Aug 2004 10:17:04 -0400

Have you looked at: Now.ToUniversalTime.AddMinutes(nn)? This may solve
your problem.

If I may make a recommendation though, you could avoid all of this if use
Sessions with a short timeout value.

Good luck!

"Oleg Leikin" <OlegLeikin@discussions.microsoft.com> wrote in message
news:665CDEF9-2F42-4CD3-AB45-F451DAFAB9B5@microsoft.com...
> Scott,
>
> our application is some kind of single signon service, so the cookies we
use should have pretty short lifetime in order to let the user to enter some
protected content at any point all over the world and then to expire. I'm
talking "in seconds or minutes", so GMT time difference is pretty critical.
>
> My approach was in relative time terms until some suspicions had waken up
:-)
>
> Tnanks for all !!!
>
>
>
> "Scott M." wrote:
>
> > Oleg, again, you are getting too hung up on the words and not seeing the
big
> > picture. It may be built into the expires property to treat the date
> > entered as GMT, but (again) 30 days from now can be expressed as GMT
just as
> > well as 12/31/05 can. The expires property requires a date value,
period.
> > That date value *can* be absolute, but it would make no practical sense
to
> > do this (unless your site was going out of business on a particular
date!).
> >
> > Don't worry about GMT. Why does it matter? If I come to your site and
you
> > place a cookie on my machine that is set to expire at: Now.AddDays(30),
the
> > cookie will be valid for the next 30 days (from the server's clock).
Sure,
> > you may have a few hours of difference depending on where the clients
are
> > actually located (and, while I haven't used it, you might try:
> > Now.ToUniversalTime.AddDays(nn), rather than just Now.AddDays(nn)).
> >
> > Think about this, if we set our expires property to absolute
expirations,
> > then no matter how often a user might visit our site, their cookie
*will*
> > become invalid on a particular date, even though the user might have
been
> > using the site just the day before. And then, we (the developer) would
have
> > to get into the habit of changing our code after each time that the
> > expiration date had passed (not very practical).
> >
> > Trust me, sliding expirations are how it is done. You are just getting
a
> > bit hung up on the verbiage of the documentation.
> >
> > "Oleg Leikin" <OlegLeikin@discussions.microsoft.com> wrote in message
> > news:B48B73D4-0167-4D6F-9A9C-45B30C59E3B9@microsoft.com...
> > > Quotation from some other MS article:
> > > "The expiration date is set by using the format expires=<date>, where
> > <date> is the expiration date in Greenwich Mean Time (GMT)."
> > >
> > > I think this is the key: all communication participants (the server
and
> > the clients) handle the time of one and the only one time zone (GMT).
> > >
> > > So the only question is if .NET converts the server local time value
to
> > GMT by adding/subtracting the difference beetwen GMT and the server
location
> > or I should handle this by myself ?
> > >
> > > Oleg
> > >
> > > "Scott M." wrote:
> > >
> > > > The definition you gave is correct, you do specify a time that the
> > cookie
> > > > will expires on the client. You just don't set it absolutely that's
> > all.
> > > > 30 days from today produces a time just as well as 12/31/05 does.
> > > >
> > > > The code I gave you comes directly from the MSDN help on the Expires
> > > > property of the HttpCookie class.
> > > >
> > > > Sliding expirations have always been the way cookies have worked.
> > Imagine
> > > > setting an absolute date/time and having a new user come to the page
5
> > > > seconds before that time!
> > > >
> > > >
> > > > "Oleg Leikin" <OlegLeikin@discussions.microsoft.com> wrote in
message
> > > > news:5357891E-C967-4AA0-939D-73D8CECDF145@microsoft.com...
> > > > > Scott,
> > > > >
> > > > > I'm still curious who's right: you or MS documentation :-) The
> > > > documentation for HttpCookie.Expires Property says "The time of day
(on
> > the
> > > > client) at which the cookie expires." - sounds like an absolute
value...
> > > > > On other hand maybe some lower .NET level translates this absolute
> > value
> > > > to time span (but still it should know the local time) or the
browser
> > does
> > > > the translation ? Or maybe according to the cookie standard this
value
> > is
> > > > always relative ?
> > > > >
> > > > > Oleg
> > > > >
> > > > >
> > > > >
> > > > > "Scott M." wrote:
> > > > >
> > > > > > If you intend to read/write cookies from the server-side, then
this
> > is
> > > > the
> > > > > > price you pay. You certainly can do it client-side or capture
the
> > local
> > > > > > time client-side and send it to the server as a hidden form
field.
> > > > Either
> > > > > > way, cookie expirations are not set absolutely, they are set
based
> > on a
> > > > > > timespan.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > "Oleg Leikin" <OlegLeikin@discussions.microsoft.com> wrote in
> > message
> > > > > > news:D0E6C1E0-CD5E-4A75-86A3-62E2BCDDBE83@microsoft.com...
> > > > > > > Thanks Scott, I'm familiar with the syntax, but suppose that
your
> > > > server
> > > > > > runs at US and the client at Siberia, so when the cookie will
reach
> > the
> > > > > > recipient his browser will simply discard it.
> > > > > > >
> > > > > > > Oleg
> > > > > > >
> > > > > > > "Scott M." wrote:
> > > > > > >
> > > > > > > > Here you go Oleg:
> > > > > > > >
> > > > > > > > Example
> > > > > > > > The following example sets the expiration time of the cookie
to
> > 10
> > > > > > minutes
> > > > > > > > from the current time.
> > > > > > > >
> > > > > > > > [Visual Basic]
> > > > > > > > Dim dt As DateTime = DateTime.Now()
> > > > > > > > Dim ts As New TimeSpan(0,0,10,0)
> > > > > > > >
> > > > > > > >
> > > > > > > > "Oleg Leikin" <OlegLeikin@discussions.microsoft.com> wrote
in
> > > > message
> > > > > > > > news:8A4B3D48-79FF-4EB5-A0B5-3AD595F29572@microsoft.com...
> > > > > > > > > Actually my application involves Java Applet tah's
embedded at
> > one
> > > > of
> > > > > > > > ASPXs, so it could supply the local time... But I'm still
> > wondering
> > > > how
> > > > > > > > other people handle this issue without java script.
> > > > > > > > >
> > > > > > > > > Oleg
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > "S. Justin Gengo" wrote:
> > > > > > > > >
> > > > > > > > > > Yes,
> > > > > > > > > >
> > > > > > > > > > If you're able to get a value back from the client you
could
> > > > trust
> > > > > > that
> > > > > > > > you
> > > > > > > > > > would know exactly when the cookie would expire.
> > > > > > > > > >
> > > > > > > > > > Of course this solution counts on the client having
> > javascript
> > > > > > enabled.
> > > > > > > > > >
> > > > > > > > > > --
> > > > > > > > > > Sincerely,
> > > > > > > > > >
> > > > > > > > > > S. Justin Gengo, MCP
> > > > > > > > > > Web Developer / Programmer
> > > > > > > > > >
> > > > > > > > > > www.aboutfortunate.com
> > > > > > > > > >
> > > > > > > > > > "Out of chaos comes order."
> > > > > > > > > > Nietzsche
> > > > > > > > > > "Oleg Leikin" <OlegLeikin@discussions.microsoft.com>
wrote
> > in
> > > > > > message
> > > > > > > > > >
news:EA3E650B-DED0-41B4-991D-F7902B8591DB@microsoft.com...
> > > > > > > > > > > Justin,
> > > > > > > > > > >
> > > > > > > > > > > do u mean that cookie expiration time is an absolute
value
> > ?
> > > > > > > > > > >
> > > > > > > > > > > Oleg
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > "S. Justin Gengo" wrote:
> > > > > > > > > > >
> > > > > > > > > > > > Oleg,
> > > > > > > > > > > >
> > > > > > > > > > > > You could use a javascript to enter the client's
time
> > into a
> > > > > > hidden
> > > > > > > > form
> > > > > > > > > > > > field.
> > > > > > > > > > > >
> > > > > > > > > > > > Of course this information would then have to be
posted
> > back
> > > > > > before
> > > > > > > > > > setting
> > > > > > > > > > > > the cookie...
> > > > > > > > > > > >
> > > > > > > > > > > > Something like this:
> > > > > > > > > > > >
> > > > > > > > > > > > <script language="Javascript">
> > > > > > > > > > > > <!--
> > > > > > > > > > > > document.Form1.myHiddenField.value = new Date()
> > > > > > > > > > > > //-->
> > > > > > > > > > > > </script>
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > Sincerely,
> > > > > > > > > > > >
> > > > > > > > > > > > S. Justin Gengo, MCP
> > > > > > > > > > > > Web Developer / Programmer
> > > > > > > > > > > >
> > > > > > > > > > > > www.aboutfortunate.com
> > > > > > > > > > > >
> > > > > > > > > > > > "Out of chaos comes order."
> > > > > > > > > > > > Nietzsche
> > > > > > > > > > > > "Oleg Leikin" <OlegLeikin@discussions.microsoft.com>
> > wrote
> > > > in
> > > > > > > > message
> > > > > > > > > > > >
> > news:91CA0EFD-CE4E-44A8-BCDA-0862EF59BC62@microsoft.com...
> > > > > > > > > > > > > Hi,
> > > > > > > > > > > > >
> > > > > > > > > > > > > (newbie question)
> > > > > > > > > > > > >
> > > > > > > > > > > > > I've created some simple .NET ASP application that
> > should
> > > > > > store
> > > > > > > > > > cookies at
> > > > > > > > > > > > the client machine.
> > > > > > > > > > > > >
> > > > > > > > > > > > > According to the documentation cookie expiration
time
> > is
> > > > set
> > > > > > via
> > > > > > > > > > > > HttpCookie.Expires property, but property value is
the
> > time
> > > > of
> > > > > > day
> > > > > > > > on
> > > > > > > > > > the
> > > > > > > > > > > > client.
> > > > > > > > > > > > >
> > > > > > > > > > > > > How can I possibly know client local time ?
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > Thanks in advance !!!
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >