Cookies are killing me

[news.microsoft.com]

I am having a difficult time with cookies. In my code, I need to allow a user to login to my admin site. I figure I can set a cookie, then authenticate them, and all should be well. This works, however, when I want to log off the user, my cookie is giving my issues with the expiration date. The expiration date is always "1/1/1," so I cannot delete the cookie.

The code below is my login logic. When I login a user, I create them a cookie as persistant, then use FormsAuthentication.SetAuthCookie, then I redirect them to the main admin page. When I debug the code, I can see that the cookie does have a sensible expiration date, but after the Response.Redirect, the sensible expiration date becomes "1/1/1." This is killing me. Any thoughts?

Thanks.


HttpCookie cookie = new HttpCookie("MustSeeHomesAdmin");
cookie.Expires = System.DateTime.Now.AddDays(7);
cookie.Values["Persistent"] = "true";
cookie.Value = contact.UserPboID.ToString();
HttpContext.Current.Response.Cookies.Add(cookie);

// Authenticate the user
FormsAuthentication.SetAuthCookie( contact.UserPboID.ToString(),true);
// Redirect browser back to originating page
Response.Redirect( Request.UrlReferrer.AbsolutePath + "?mod=homes" );

 

[Rick Strahl [MVP]]

Alex,

Your problem is that you are redirecting from your request. If you redirect
cookies are not set. You will need to either post back to the page before
redirecting or use some sort of intermediate page as to guarantee that the
Cookie (or Session Cookie for that matter) gets written out.

For situations like this I usually use an Intermediate Page callable
directly from a worker page:

http://www.west-wind.com/presentations/wwMessageDisplay/wwMessageDisplay.asp

From this you can re-direct AFTER the cookie was created.

+++ Rick ---

--

Rick Strahl
West Wind Technologies
http://www.west-wind.com/
http://www.west-wind.com/weblog/
http://www.west-wind.com/wwThreads/
----------------------------------
Making waves on the Web


I am having a difficult time with cookies. In my code, I need to allow a
user to login to my admin site. I figure I can set a cookie, then
authenticate them, and all should be well. This works, however, when I want
to log off the user, my cookie is giving my issues with the expiration date.
The expiration date is always "1/1/1," so I cannot delete the cookie.

The code below is my login logic. When I login a user, I create them a
cookie as persistant, then use FormsAuthentication.SetAuthCookie, then I
redirect them to the main admin page. When I debug the code, I can see that
the cookie does have a sensible expiration date, but after the
Response.Redirect, the sensible expiration date becomes "1/1/1." This is
killing me. Any thoughts?

Thanks.


HttpCookie cookie = new HttpCookie("MustSeeHomesAdmin");
cookie.Expires = System.DateTime.Now.AddDays(7);
cookie.Values["Persistent"] = "true";
cookie.Value = contact.UserPboID.ToString();
HttpContext.Current.Response.Cookies.Add(cookie);

// Authenticate the user
FormsAuthentication.SetAuthCookie( contact.UserPboID.ToString(),true);
// Redirect browser back to originating page
Response.Redirect( Request.UrlReferrer.AbsolutePath + "?mod=homes" );

 

[Alex]

As a work around, you may try using Request.Cookies.Remove("NameOfCookie");
as opposed to setting the expires as well. I will look into your method to
see if I can get it working. Thanks for the help.

Alex