stackoom
  简体   繁体   中英

ASP.NET Forms authentication cookie not set in IE9 regardless of browser cookie settings

 原文  2012-02-03 04:57:51       asp.net/ authentication/ cookies

Question

We have an ASP.NET application running on .NET 3.5 and are running into a problem with the forms authentication cookie not being set on IE9. We can see in the HTTP headers that the Set-Cookie header exists in the response, but the following request does not include that cookie.

I've tried changing every setting in IE that I could find that might relate to cookies and nothing helped. Specifically:

Tools > Options > Security > Trusted Sites > Added..

Tools > Options > Security > Uncheck 'Enable Protected Mode'

Tools > Options > Privacy > Accept All Cookies (lowest)

Tools > Options > Privacy > Sites > Added..

Tools > Options > Privacy > Advanced > Override automatic..

Tools > Options > Privacy > Advanced > Always allow session cookies

Here's the headers for the response with the cookie followed by the next request which doesn't include it: 

HTTP/1.1 302 Found
Date: Sun, 29 Jan 2012 01:45:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /Default.aspx
Set-Cookie: MyApp=34C244EF0AAD...; expires=Sun, 29-Jan-2012 03:45:17 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8520


GET /Default.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://app.myserver.edu/sec/login.aspx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: app.myserver.edu
Pragma: no-cache
Cookie: ASP.NET_SessionId=nybswv45aezj5wioscv832jg

Is there any way to find out why IE9 is not setting the cookie? Anything I can adjust in my Web.config that would affect this? My authentication section is this: 

    <authentication mode="Forms">
        <forms name="MyApp" loginUrl="/sec/login.aspx"/>
    </authentication>

2 answers

solution1
 2 ACCPTED  2012-02-06 20:57:17

Simon Svensson was right in his comment. The headers posted above are old, but not as old as the date in the header. The server time is off by a few days so when the server is sending the expires time, even though it's two hours ahead of the server response time, it's past the expiration time according the the client clock.

Fixing the server clock resolved the issue. Thanks Simon!

solution2
 0  2012-02-03 05:25:07

If you are loading the ASP.NET website within an IFRAME, you will need to include P3P headers. See Cookie blocked/not saved in IFRAME in Internet Explorer

I believe your site is working on Chrome, Firefox etc since you specifically mentioned IE9.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET Forms Authentication Cookie Differences in Between IE and Firefox ASP.NET Forms Authentication Cookie Missing asp.net forms authentication cookie ASP.NET Forms Authentication and Persistent Authentication Cookie Security Cookie and Authentication -ASP.net ASP.NET Authentication cookie Authentication Cookie in asp.net Facebook Connect & ASP.NET Forms Authentication - Timing/Cookie Problem Forms Authentication Cookie value vulnerability in asp.net ASP.Net Forms Authentication cookie is passed across sessions
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM