I'm trying to get my site to play a flash video the first time, and only the first time, a user visits the site. Currently, I'm using ASP session tags to install a sessionid cookie into the users browsers.
<% Session("name")="blah"
Session.Timeout=7
%>
This method works fine in FF and Chrome, but IE8 doesn't seem to want to accept the cookie. I've tested it with IE's lowest security settings possible ("Accept all cookies"), but it still does not create any cookie. Is there any other way to make it so that all browsers will take the cookie?
Do you have a third-party toolbar installed that might be blocking cookies in IE?
You may also want to go to Internet Tools -> Privacy tab, and make sure cookies aren't being blocked there.
Related
This one's driving me nuts. I have a .Net Web Form app, not MVC. Works fine on localhost, also on a development server running server 2012, as an IP address it works fine on a UAT Server running 2012; but with a URL that is assigned to the same IP address for UAT it redirects to the default.aspx with each postback. Looking in IE, it shows same security level - Intranet, which forces Compatibility using F12 that compatibility shows as ie7 (I'm on IE11), plus everything else looks right in the IE settings. Trying from another PC with a different user, same results IP works, URL doesn't, and all IE settings appear to be the same. Fun thing, Chrome works fine with both URL and IP; but IETab in Chrome has the same issue (running as ie7 or ie11). Anything similar to this out on the Forums just say check Compatibility; which I've done. I can only assume something is weird with the URL or IIS not recognizing the URL for postback; but I don't understand what or why.
In the IE Tools menu select Compatibility View Settings. Then uncheck Display Intranet Sites in Compatibility View. For the life of me I don't know why that is the default setting.
Thanks for the reply. However, it turned out to be an Under Score in the URL. For some reason the Under Score caused the Session Cookie in the Post Back to be dropped. This was only true of Internet Explorer; all other browsers still included the Session Cookie. i.e. Dummy_URL would cause the issue but DummyURL would fix it.
We have a site on asp.net framework 2 (dashCommerce cms)
Month ago we noticed an error — one guy couldnt loggin from chrome on his own laptop. System didnt display any error messages, just redirected on main page in unauthorized state.
We couldnt reproduce the same issue on our computers in the same browser (btw it was chrome)
and decided that it had been connected with some undefinded local issue of that guy's laptop.
But then, i got the same issue on my computer. I couldnt login in the system in chrome. Other browsers worked excellent. And we could see the problem only on my computer. We tested the site on 5 different computers with exactly the same chrome version, and everybody could login excepting me.
It looked like asp.net authorized me successful (because if i entered wrong password i got a message about it) but chrome didnt accept cookies.
At this moment, i have that problem on my two computers, and i cant login using Chrome, IE and Opera. Only FF can login with no issues.
But other guys can easily login using such browser from them own computers.
We've been already spent almost two week puzzling our heads what the hell is going on. Nothing helps.
I noticed:
1. Even if i cant login, nevetheless the browser keeps the session — i can add few items in shopping cart and it wont be deleted. I can try to login, then check out the shopping cart and would see those added items.
If i change coockieless attribute to «Uri» then authorization worka fine, i can login using all sort of browsers, but in this case the site has terrible links, we cant allow it.
It makes me think that the problem is connected with a session but i cannt understand why i can login from another computer (the same browser, the same Windows7)
Does anybody has any ideas???
Could be related to page caching. You are logged in but receive a cached (not logged in) version of a page.
Try turning kernel mode caching off as a start.
And like Gregory said - capture your requests and see how it works. Pay special attention to set-cookie http headers.
forgot about this question.
We solved the problem: removed standard asp.net auth form and developed common form with manual processing of authorization.
I have an ASP.NET app which uses forms authentication with an option to persist cookie in the login screen. I am testing in local computer which means no web farms are used.
In Chrome and Firefox when I log in and persist cookie, then close the browser and then bring up the same page, I am already logged in. So far so good.
In IE however, when I load the same page after closing IE, I get the login screen instead of automatically being logged in. I checked the authentication cookie and noticed that the cookie is gone when I am in the login screen the second time. I see the cookie after logging in and I see it expires a month in the future. My guess the cookie gets deleted when IE closes. I don't know why this happens.
I have repeated this test several times. I see the authentication cookie after logging in but it's gone in the login screen.
"Empty temporary Internet Files Folder when browser is closed" is NOT checked in Tools->Advanced
I am using IE9 in IE8 standards mode in Windows 7 64bit.
Any ideas?
I didn't mention the fact the site uses https. In the test server where this issue occurred, I use a self-signed ssl certificate. When I installed my root authority cert, the problem seems to have gone. This issue happened in IE only.
There is a great blog from Erik Law about this. Check it for more details. Scroll down to section Troubleshooting Login Cookies. If you have specific question about anything, edit your question and let us know.
I'm developing an ASP.NET 4 webforms app on my Windows 7 PC. I'm running VS2010 and IIS7.5.
I have a weird problem where after a few page loads (anywhere from 1 to 20ish) I get NO response from IIS. I can't even hit a breakpoint in Application BeginRequest, I just get nothing. But, if I delete all cookies from the browser for the development domain, the website will load perfectly again for a few more requests.
This happens in all browsers I have installed (IE9, Firefox, Chrome, Safari, Opera).
However, if I deploy the app to our hosted server, all works fine.
Anyone had this issue before?
Many thanks for any help you can provide.
After the comments I add for reference here an answer.
This is an issue when you place too large cookie to the browser and browser can not handle them.
The reason that is play here, not play there maybe because of the data that you have type on it and save on cookies.
You can search for cookie limits on the internet and for different browsers. For ie for example http://support.microsoft.com/kb/306070
Try to keep the cookie size as low as you can.
From antmx
For reference, here is what I changed in web.config to fix this problem.
<roleManager cacheRolesInCookie="false" />
Note, though, that now a user's roles will be read from the database each time they're needed, which could cause a performance issue. (I am not think that there is any performance issue and is more secure this way)
An ASP.NET application (actually with Silverlight but it doesn't matter) is hosted in Outlook as folder home page. In this application there's a link to open popup window, which opens a separate IE window, not in Outlook.
The problem is that in this case it seems that ASP.NET session is lost. A call to ASP.NET service has nothing in Session and Session._id is different. I suspect that Outlook has different cookies than IE.
How do I preserve session when opening IE popup from Outlook? Maybe pass session id via URL somehow, or configure this in web.config?
Note that I don't want cookieless sessions.
I ran into this problem in the past and was never able to find a way around it since the browser in outlook is running under a totally different process and it's not even a typical IE environment. I had issues with pass through authentication as well if I recall.
When the same behavior is done in IE directly, it actually opens another window using the same session.
To recreate the process in IE that is occurring in Outlook just open an IE windown and go to your app. Then open a new IE window by clicking the shortcut (not spawning it from the current IE session) and copying and pasting a link into the address bar. This is essentially what Outlook is doing.
I would try passing the value of the user's ASP.NET_SessionId cookie in the url from Outlook, then on the page that's opened in IE check for that value on the url and duplicate the ASP.NET_SessionId cookie in the response before loading the page (perhaps in an IHttpModule before the session has even been loaded for the request).
I'm not 100% sure this would work in case ASP.NET has some built-in session hijacking security in place that would prevent you from manually duplicating the session cookie somehow, but that's where I would start.