Re: Cookies Expiring due to different time zones.

Actually its not exactly the time zone problem. Problem is that many
users in my country do not really have maintained PCs, which mean that
there is a high possibility that their PC date is not correct. My
cookie is setting time according to my server. If some one tries to
login on 8th December and his PC has the date 20th July then he is
just not able to login. Is there any way I can set cookie expiration
time according to client PC. I am showing a warning on the 'Trouble
Login Page?' but we all know that people take this as a developmnt
fault instead of thinking that this is how technology is supposed to
work. You just can't give this excuse to users :(

Juan T. Llibre wrote:
re:
I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.

That makes sense, given that users should not
remain authenticated when their tickets have expired.

re:
Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

Your code is fine. It works as it should.
Your problem is that you're using an extremely short time for the cookie expiration.

Is there any reason for you not to set the expiration to 25 hours ?
That would overlap all timezones, eliminating the problem.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
"Omer" <omer.mush@xxxxxxxxx> wrote in message
news:1165559019.538653.44000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
hi Everyone,
I am using ASP.Net 2.0. When user logins, I check the credential and
then made the cookie. My hoster's server is in Arizona region and I am
in Pakistan. I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.
This makes sense as probably cookie timing is not matching. Dilemma is
that many users at home do not have correct time :( and probably thats
why, everyday we get 4-5 mails at support maintaining that they are
unable to login. Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
this.loginUser1.RememberMeSet, userData);

string cookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
if (this.loginUser1.RememberMeSet)
{
cookie.Expires = ticket.Expiration;
}

cookie.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(cookie);

And this is what I am doing in Global.asax's
Application_AuthenticateRequest function,

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationType ==
"Forms")
{
System.Web.Security.FormsIdentity id;
id =
(System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
string[] userData = id.Ticket.UserData.Split(new
string[] { "," },

StringSplitOptions.RemoveEmptyEntries);

HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id, userData);
}
}

Bye,
Omer


.

Relevant Pages

  • Re: Cookies Expiring due to different time zones.
    ... post to your aspx login, sending the cookie's date in a hidden field ... set the aspx login cookie using the date/time in the hidden field ... This is the code I am using to create the ticket, ... Your problem is that you're using an extremely short time for the cookie expiration. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: using a shared session
    ... you will have to pass the ticket to site. ... they will be prompted for a login. ... | We have 3 different web applications on three different websites (and ... | and is saved in the cookie for that session. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Forms Authentication Roles based
    ... I am creating an application which has 3 roleswith login ... FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( ... // "true" for a persistent user cookie ... string hash = FormsAuthentication.Encrypt; ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • cookie value being garbled.
    ... Each request to the site refreshes the ticket (stored in a cookie). ... together then the next request after the login OK page receives ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Accessing and displaying SSL web pages and cookies from a windows form
    ... or LoadXML calls to urls on the website in order to get data or post data to ... first redirected to a SSL login page, if a particular cookie is not present, ... cookie is not present instead of getting the data. ... >> the data in the cookie and also not redirect to the login page. ...
    (microsoft.public.dotnet.languages.vb)