ASP.NET - cookie issue IE - Asked By Andy Kalbvleesch on 15-Mar-12 04:13 PM

Earn up to 50 extra points for answering this tough question.
Hi all,

Longtime not been here. Anyway I have an issue. Here is the case: We  have people coming to our domain on a landingpage: http://www.ourdomain.com/landing.aspx. In this page we set a cookie at the visitor his webbrowser. On landing.aspx we have a link that redirects the person to another website http://www.customerdomain.com/this.aspx (these are our clients) where we have a script installed: <script type="text/javascript" src="http://www.ourdomain.com/purchase.aspx?crid=d7732a4ffcad47f484b65dd04094d3b6"></script>.

In purchase.aspx we want to collect the cookie info that we placed. However; this works fine for all browsers accept for IE unless we don't set an expiration date in the cookie... ??? The problem is however when we don't set the expiration date the cookie gets destroyed when the user closes his browser... but we do need a cookie that stays longer than a session...

Anybody seen this issue ?


Thanx all.

Andy.
[)ia6l0 iii replied to Andy Kalbvleesch on 15-Mar-12 10:28 PM
A shorter way is to set expiration date to a longer date for the cookie. I don't know for sure, though. 

Go thru this MSDN blog post, and scroll down to the "Troubleshooting Login Cookies" section. That has some IE specific troubleshooting steps.
http://blogs.msdn.com/b/ieinternals/archive/2009/09/11/troubleshooting-stored-login-problems-in-ie.aspx

Have you though about Single sign on for your partner websites?

D Company replied to Andy Kalbvleesch on 16-Mar-12 12:23 AM
Hello Andy,

First thing i dont think that there is any exact  syntax for what you are looking . if u dont set the expiry date it causes the cookie to expire at the end of the session. as suggested in previous post u can  pick some arbitrarily large value.

Second workaround that u can try, is if possible try to get the session value(Expire time of session either set the session time out and assign that time to a variable and when user redirects to client page , check how long user was in main page and set the cokie expiration) and set the cookie expiry accordingly.

Regards
D

Reena Jain replied to Andy Kalbvleesch on 16-Mar-12 02:04 AM
Hi,

yes andy, above all post are correct. If you do not set an expiration date for them then they are held in memory an will be removed once the browser is closed.

So Just put the longer date to prevent to cookie for browser.
or you can use database trick means put the flag when user will logged in and check the flag on page load to check whether he is logged in or not but don't forget to set flag false back when user logged out.

let me know your views
Andy Kalbvleesch replied to Reena Jain on 18-Mar-12 09:54 AM
It turned out I had to include a P3P header (in my global.asax)  and all the necessary files... Problem is fixed now
Somesh Yadav replied to Andy Kalbvleesch on 19-Mar-12 01:34 AM
I've found a Solution to the problem.
There's a setting in Internet Explorer 7.

Goto
Internet Options >> Privacy >> Advanced
Click --> Override Automatic Cookie Handling
              ( Make Sure it is Checked )

For First Party & Third Party Cookies Select Accept as an option.

Click --> Always Allow Session Cookies.
              ( Make Sure it is Checked )

Click on OK. 
Now your Session Cookies won't get Automatically Deleted.