Cookies Expiring due to different time zones.

[Omer]

hi Everyone,
I am using ASP.Net 2.0. When user logins, I check the credential and
then made the cookie. My hoster's server is in Arizona region and I am
in Pakistan. I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.
This makes sense as probably cookie timing is not matching. Dilemma is
that many users at home do not have correct time and probably thats
why, everyday we get 4-5 mails at support maintaining that they are
unable to login. Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
this.loginUser1.RememberMeSet, userData);

string cookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
if (this.loginUser1.RememberMeSet)
{
cookie.Expires = ticket.Expiration;
}

cookie.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(cookie);

And this is what I am doing in Global.asax's
Application_AuthenticateRequest function,

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationType ==
"Forms")
{
System.Web.Security.FormsIdentity id;
id =
(System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
string[] userData = id.Ticket.UserData.Split(new
string[] { "," },

StringSplitOptions.RemoveEmptyEntries);

HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id, userData);
}
}

Bye,
Omer

 

[Omer]

Hi Guys,
I will really appreciate, if someone can give me some guidance.
Bye,
Omer.

 

[Juan T. Llibre]

re:

I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.

That makes sense, given that users should not
remain authenticated when their tickets have expired.

re:

Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

Your code is fine. It works as it should.
Your problem is that you're using an extremely short time for the cookie expiration.

Is there any reason for you not to set the expiration to 25 hours ?
That would overlap all timezones, eliminating the problem.

hi Everyone,
I am using ASP.Net 2.0. When user logins, I check the credential and
then made the cookie. My hoster's server is in Arizona region and I am
in Pakistan. I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.
This makes sense as probably cookie timing is not matching. Dilemma is
that many users at home do not have correct time and probably thats
why, everyday we get 4-5 mails at support maintaining that they are
unable to login. Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
this.loginUser1.RememberMeSet, userData);

string cookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
if (this.loginUser1.RememberMeSet)
{
cookie.Expires = ticket.Expiration;
}

cookie.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(cookie);

And this is what I am doing in Global.asax's
Application_AuthenticateRequest function,

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationType ==
"Forms")
{
System.Web.Security.FormsIdentity id;
id =
(System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
string[] userData = id.Ticket.UserData.Split(new
string[] { "," },

StringSplitOptions.RemoveEmptyEntries);

HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id, userData);
}
}

Bye,
Omer

 

[Omer]

Actually its not exactly the time zone problem. Problem is that many
users in my country do not really have maintained PCs, which mean that
there is a high possibility that their PC date is not correct. My
cookie is setting time according to my server. If some one tries to
login on 8th December and his PC has the date 20th July then he is
just not able to login. Is there any way I can set cookie expiration
time according to client PC. I am showing a warning on the 'Trouble
Login Page?' but we all know that people take this as a developmnt
fault instead of thinking that this is how technology is supposed to
work. You just can't give this excuse to users

re:

I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.

That makes sense, given that users should not
remain authenticated when their tickets have expired.

re:

Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

Your code is fine. It works as it should.
Your problem is that you're using an extremely short time for the cookie expiration.

Is there any reason for you not to set the expiration to 25 hours ?
That would overlap all timezones, eliminating the problem.

hi Everyone,
I am using ASP.Net 2.0. When user logins, I check the credential and
then made the cookie. My hoster's server is in Arizona region and I am
in Pakistan. I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.
This makes sense as probably cookie timing is not matching. Dilemma is
that many users at home do not have correct time and probably thats
why, everyday we get 4-5 mails at support maintaining that they are
unable to login. Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
this.loginUser1.RememberMeSet, userData);

string cookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
if (this.loginUser1.RememberMeSet)
{
cookie.Expires = ticket.Expiration;
}

cookie.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(cookie);

And this is what I am doing in Global.asax's
Application_AuthenticateRequest function,

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationType ==
"Forms")
{
System.Web.Security.FormsIdentity id;
id =
(System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
string[] userData = id.Ticket.UserData.Split(new
string[] { "," },

StringSplitOptions.RemoveEmptyEntries);

HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id, userData);
}
}

Bye,
Omer

 

[Hans Kesting]

Actually its not exactly the time zone problem. Problem is that many

users in my country do not really have maintained PCs, which mean that
there is a high possibility that their PC date is not correct. My
cookie is setting time according to my server. If some one tries to
login on 8th December and his PC has the date 20th July then he is
just not able to login. Is there any way I can set cookie expiration
time according to client PC. I am showing a warning on the 'Trouble
Login Page?' but we all know that people take this as a developmnt
fault instead of thinking that this is how technology is supposed to
work. You just can't give this excuse to users

Maybe this:
on the login page, add some javascript function that automatically
fills some hidden input with the current date/time, as reported by the
client PC. Use this date as the basis for your cookie timeout (as an
absolute expiry date).

Hans Kesting

 

[Juan T. Llibre]

re:

Problem is that many sers in my country do not really have maintained PCs,
which mean that there is a high possibility that their PC date is not correct.

You cannot program to cover all people's stupidities.

re:

Is there any way I can set cookie expiration time according to client PC.

1. set the cookie with javascript in your aspx login page
2. post to your aspx login, sending the cookie's date in a hidden field
3. read the cookie's date/time (in the hidden field) before logging in the user
4. set the aspx login cookie using the date/time in the hidden field

That might get tricky, though.

re:

we all know that people take this as a developmnt fault instead of thinking that
this is how technology is supposed to work. You just can't give this excuse to users

That's not an excuse. Educate your users.
Telling your users that the site needs their clocks set to the correct date is OK.





Actually its not exactly the time zone problem. Problem is that many
users in my country do not really have maintained PCs, which mean that
there is a high possibility that their PC date is not correct. My
cookie is setting time according to my server. If some one tries to
login on 8th December and his PC has the date 20th July then he is
just not able to login. Is there any way I can set cookie expiration
time according to client PC. I am showing a warning on the 'Trouble
Login Page?' but we all know that people take this as a developmnt
fault instead of thinking that this is how technology is supposed to
work. You just can't give this excuse to users

re:

I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.

That makes sense, given that users should not
remain authenticated when their tickets have expired.

re:

Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

Your code is fine. It works as it should.
Your problem is that you're using an extremely short time for the cookie expiration.

Is there any reason for you not to set the expiration to 25 hours ?
That would overlap all timezones, eliminating the problem.

hi Everyone,
I am using ASP.Net 2.0. When user logins, I check the credential and
then made the cookie. My hoster's server is in Arizona region and I am
in Pakistan. I set cookie's expiration time as 4 hours. It works
perfectly fine on my PC and many other PCs which have correct time.
But, if I set date to some old date, user is simply unable to login.
This makes sense as probably cookie timing is not matching. Dilemma is
that many users at home do not have correct time and probably thats
why, everyday we get 4-5 mails at support maintaining that they are
unable to login. Can you please tell me what I can do to resolve this
issue. This is the code I am using to create the ticket,

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
this.loginUser1.UserName, DateTime.Now, DateTime.Now.AddHours(4),
this.loginUser1.RememberMeSet, userData);

string cookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new
HttpCookie(FormsAuthentication.FormsCookieName, cookieStr);
if (this.loginUser1.RememberMeSet)
{
cookie.Expires = ticket.Expiration;
}

cookie.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(cookie);

And this is what I am doing in Global.asax's
Application_AuthenticateRequest function,

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.AuthenticationType ==
"Forms")
{
System.Web.Security.FormsIdentity id;
id =
(System.Web.Security.FormsIdentity)HttpContext.Current.User.Identity;
string[] userData = id.Ticket.UserData.Split(new
string[] { "," },

StringSplitOptions.RemoveEmptyEntries);

HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(id, userData);
}
}

Bye,
Omer