Welcome to MSDN Blogs Sign in | Join | Help

ASP.NET Cookie Issues...

I finally got the solution to a cookie issue I've been messing with for the last 2 months. My ISP recently upgraded to Win2K3 server. Everything on my site worked great, except that my cookies expired after 30 minutes. I tried everything, searched high and low and came up against a dead end each time. It didnt help that this wasnt frustrating enough for me to walk across to the ASP.NET team and get one of their devs help me debug this issue - I dont have to log in that often so an expired cookie wasn't that big of a deal. My stats page (http://www.mayahari.com/stats ) doesnt log hits if the user is logged in - but if the cookie expires it would count all my visits as hits which was an error - I dont care how many times I hit my own site :)

I finally got the solution from my ISP this weekend, it appears that they had set the ASP.NET process to restart every 30 minutes. The key used for encryption/decryption is auto-generated by ASP.NET every time the app domain or worker process starts. Whenever the process goes away, a new key is generated. So the cookie cannot be decrypted, the key is invalid.

The workaround is to generate a validationKey and encryptionKey, then set these in your web.config. Here is the KB... http://support.microsoft.com/default.aspx?scid=kb;en-us;Q312906 Hopefully this will help folks out there who see the same issue on the ASP.NET pages with cookie expiration.

**Update: As Eric mentioned in his comment, my scenario is Forms Based Cookie Authentication.

Published Monday, November 29, 2004 4:46 PM by harisekhar

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Solve the core problem?

Monday, November 29, 2004 9:06 PM by Todd
The real question here should be why your ISP thinks they need to restart ASP.NET every 30 minutes. Is this really a recommended practice, or is your ISP just being paranoid from FUD against IIS, ASP.NET, and Microsoft in general?

# re: ASP.NET Cookie Issues...

Tuesday, November 30, 2004 7:18 AM by Eric Newton
probably should've mentioned that you're talking about FormsAuthentication cookie expiration, and not just general cookie expirary.

And yes, the FormsAuth cookie expiration would be suseptible to the asp.net restarts.

# "Loosing session ids randomly asp.net2" on Yedda

Wednesday, November 08, 2006 10:13 AM by fedders' questions on Yedda

Q: "Why does asp.net 2 loose session ids randomly" A: "There could be several reasons for this behavior (application restart, multiple servers w/ load balancing, and others), but most of them can be overcome using the technique described in the post "ASP.NET

# fervid Wakefield

Monday, December 18, 2006 5:53 PM by fervid Wakefield

or "a day in the life of an SDK dude"

I do not agree. Go to http://www.abouthotels.info/bulwark_United%20Kingdom/displeasure_England/fervid_Wakefield_1.html

# surmullet Barcelona

Thursday, March 29, 2007 6:53 AM by surmullet Barcelona

or "a day in the life of an SDK dude"

I do not agree. Go to http://www.jobzlife.info/univalve_Spain/abbe_Catalu%C3%83%C2%B1a/surmullet_Barcelona_1.html

# Yedda: RE: Loosing session ids randomly asp.net2

Tuesday, May 15, 2007 3:09 PM by Yaniv's answers on Yedda - People. Sharing. Knowledge.

Yaniv answered: re:Why does asp.net

# I do not think so

Tuesday, August 14, 2007 2:50 PM by warsaw hotels

or "a day in the life of an SDK dude"

I do not agree. Go to http://apartments.waw.pl/

# hari s WebLog ASP NET Cookie Issues | Paid Surveys

Friday, May 29, 2009 9:09 PM by hari s WebLog ASP NET Cookie Issues | Paid Surveys

PingBack from http://paidsurveyshub.info/story.php?title=hari-s-weblog-asp-net-cookie-issues

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker