Jitendra Pancholi

Reputation: 7562

More than 1KB cookie is not saving in my MVC4 application

In my MVC 4 application, I'm creating an auth cookie with some other information. It works fine if the data is less than 1KB, but when it exceeds 1KB, the cookie is never created.

As per my knowledge, the max cookie size is approx. 4KB. My code is below.

if (result.Status == ActionStatus.Success)
{
    AuctionSiteApplication = result.Data;

    CreateCustomAuthorisationCookie(AuctionSiteApplication.User.Email, obj.RememberMe, new JavaScriptSerializer().Serialize(AuctionSiteApplication));
    if ((AuctionSiteApplication.User.UserType == UserType.SUAdmin) || (AuctionSiteApplication.User.UserType == UserType.Admin))
    {
        return RedirectToAction("Index", "Dashboard", new { area = "Admin" });
    }
    else
    {
        return RedirectToAction("Index", "Home", new { area = "" });
    }
}


protected void CreateCustomAuthorisationCookie(String user_name, Boolean is_persistent, String custom_data)
{
    FormsAuthenticationTicket auth_ticket =
        new FormsAuthenticationTicket(
            1, user_name,
            DateTime.Now,
            DateTime.Now.AddMinutes(30),
            is_persistent, custom_data, ""
        );

    String encrypted_ticket_ud = FormsAuthentication.Encrypt(auth_ticket);
    HttpCookie auth_cookie_ud = new HttpCookie(Cookies.UserCookie, encrypted_ticket_ud);
    if (is_persistent) auth_cookie_ud.Expires = auth_ticket.Expiration;
    System.Web.HttpContext.Current.Response.Cookies.Add(auth_cookie_ud);    
}


protected override void OnAuthorization(AuthorizationContext filter_context)
{
    if (Request.RawUrl.ToLower().Contains("www.")) filter_context.Result = RedirectPermanent(Request.RawUrl.ToLower().Replace("www.", ""));
    HttpCookie auth_cookie = Request.Cookies[Cookies.UserCookie];

    #region If auth cookie is present
    if (auth_cookie != null)
    {
        FormsAuthenticationTicket auth_ticket = FormsAuthentication.Decrypt(auth_cookie.Value);
        AuctionSiteApplication = new JavaScriptSerializer().Deserialize<AuctionSiteApplication>(auth_ticket.UserData);
        System.Web.HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(new FormsIdentity(auth_ticket), null);
        ViewBag.AuctionSiteApplication = AuctionSiteApplication;
        base.OnAuthorization(filter_context);
    }
    #endregion

    // Rest Code 
    ...
}

Below is the data which I am trying to store in the cookie, which is not saving:

{"User":{"UserID":1,"Email":"[email protected]","FirstName":"abc","LastName":"Arora","UserType":2,"UserCompanies":[{"CompanyId":35,"CompanyName":"New Company","CompanyRoleId":96,"IsAdmin":true},{"CompanyId":36,"CompanyName":"tryrtyr","CompanyRoleId":103,"IsAdmin":true},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":35,"CompanyName":"New Company","CompanyRoleId":98,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":109,"IsAdmin":false},{"CompanyId":36,"CompanyName":"tryrtyr","CompanyRoleId":105,"IsAdmin":false}],"IsAuthenticated":true},"Company":{"CompanyId":0,"CompanyName":null,"CompanyRoleId":96,"IsAdmin":true}}

Below is the data which I am trying to store in the cookie, which is saving properly:

{"User":{"UserID":2,"Email":"[email protected]","FirstName":"abc","LastName":"Arora","UserType":1,"UserCompanies":[{"CompanyId":35,"CompanyName":"New Company","CompanyRoleId":0,"IsAdmin":false},{"CompanyId":36,"CompanyName":"tryrtyr","CompanyRoleId":0,"IsAdmin":false},{"CompanyId":37,"CompanyName":"abc","CompanyRoleId":0,"IsAdmin":false}],"IsAuthenticated":true},"Company":{"CompanyId":0,"CompanyName":"SUAdmin","CompanyRoleId":2,"IsAdmin":false}}

Upvotes: 0

Views: 209

Answers (1)

Péter

Reputation: 2181

I still think there is no reason to store this data in the cookie. You have to verify it against your database every time, so you gain nothing.
However, the problem is that your data is 968 (1KB) characters and after the encryption it's larger than 4KB.
UPDATE:
I tried it, and my test result is that the encrypted string generated by the Encrypt method is 4032 bytes. I think it's too close to the limit. With the other data of the cookie, I'm sure it exceeds the limit.

Upvotes: 1
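
One way to follow the answer's advice, as an added example that is not the poster's or the answerer's code: keep the serialized profile in the server-side cache, put only an opaque key in the ticket's UserData, and check the encrypted length before issuing the cookie. `ProfileTicket`, `MaxCookieValueChars` and the `profile:` key prefix are hypothetical names, and the 3500-character budget is an assumed safety margin under the roughly 4KB cookie limit.

```csharp
using System;
using System.Web;
using System.Web.Caching;
using System.Web.Security;

// Added example. ProfileTicket, MaxCookieValueChars and the "profile:" prefix are hypothetical.
public static class ProfileTicket
{
    // Assumed budget: leaves room for the cookie name and attributes under ~4096 bytes.
    private const int MaxCookieValueChars = 3500;

    // Stores the serialized profile server-side; only an opaque key travels in UserData.
    public static HttpCookie Issue(string cookieName, string userName, bool persistent, string profileJson)
    {
        DateTime expires = DateTime.Now.AddMinutes(30);
        string key = Guid.NewGuid().ToString("N");
        HttpRuntime.Cache.Insert("profile:" + key, profileJson, null, expires, Cache.NoSlidingExpiration);

        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, expires, persistent, key, FormsAuthentication.FormsCookiePath);
        string encrypted = FormsAuthentication.Encrypt(ticket);

        // Fail loudly rather than emit a Set-Cookie header the browser may ignore.
        int length = encrypted == null ? 0 : encrypted.Length;
        if (length == 0 || length > MaxCookieValueChars)
            throw new InvalidOperationException("Encrypted ticket is " + length + " chars; outside the cookie budget.");

        var cookie = new HttpCookie(cookieName, encrypted)
        {
            HttpOnly = true,                           // not readable from script
            Secure = FormsAuthentication.RequireSSL    // follows the forms-auth configuration
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        return cookie;
    }

    // Returns the profile JSON, or null if the ticket is invalid, expired, or the entry was evicted.
    public static string Resolve(HttpCookie cookie)
    {
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(cookie.Value); }
        catch (Exception) { return null; }             // tampered or malformed value
        if (ticket == null || ticket.Expired) return null;
        return HttpRuntime.Cache["profile:" + ticket.UserData] as string;
    }
}
```

A null from `Resolve` on a valid ticket means the cache entry was evicted, so the caller should reload the profile from the database, which also keeps role and `IsAdmin` values current instead of frozen at login time.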
