Reputation: 74919
We have an ASP.NET application running on .NET 3.5 and are running into a problem with the forms authentication cookie not being set on IE9. We can see in the HTTP headers that the Set-Cookie header exists in the response, but the following request does not include that cookie.
I've tried changing every setting in IE that I could find that might relate to cookies and nothing helped. Specifically:
Tools > Options > Security > Trusted Sites > Added..
Tools > Options > Security > Uncheck 'Enable Protected Mode'
Tools > Options > Privacy > Accept All Cookies (lowest)
Tools > Options > Privacy > Sites > Added..
Tools > Options > Privacy > Advanced > Override automatic..
Tools > Options > Privacy > Advanced > Always allow session cookies
Here are the headers for the response with the cookie, followed by the next request, which doesn't include it:
HTTP/1.1 302 Found
Date: Sun, 29 Jan 2012 01:45:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /Default.aspx
Set-Cookie: MyApp=34C244EF0AAD...; expires=Sun, 29-Jan-2012 03:45:17 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8520

GET /Default.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://app.myserver.edu/sec/login.aspx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: app.myserver.edu
Pragma: no-cache
Cookie: ASP.NET_SessionId=nybswv45aezj5wioscv832jg
Is there any way to find out why IE9 is not setting the cookie? Anything I can adjust in my Web.config that would affect this? My authentication section is this:
<authentication mode="Forms">
  <forms name="MyApp" loginUrl="/sec/login.aspx"/>
</authentication>
Upvotes: 3
Views: 4551
Reputation: 74919
Simon Svensson was right in his comment. The headers posted above are old, but not as old as the date in the header. The server time is off by a few days, so when the server sends the expires time, even though it's two hours ahead of the server response time, it's past the expiration time according to the client clock.
Fixing the server clock resolved the issue. Thanks Simon!
Upvotes: 2
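The clock-skew failure described in the answer above can be checked from captured headers. The following is an added example, not part of the original posts: it compares each cookie's expires attribute with the response's Date header and with the client's clock. The function names and the client clock value are assumptions; the sample headers are the ones from the question.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: the response headers from the question (cookie value elided as posted).
SAMPLE_RESPONSE = """HTTP/1.1 302 Found
Date: Sun, 29 Jan 2012 01:45:17 GMT
Location: /Default.aspx
Set-Cookie: MyApp=34C244EF0AAD...; expires=Sun, 29-Jan-2012 03:45:17 GMT; path=/
Cache-Control: private"""

# Expires appears both in the dashed form shown above and in RFC 1123 form.
EXPIRES_FORMATS = ("%a, %d-%b-%Y %H:%M:%S GMT", "%a, %d %b %Y %H:%M:%S GMT")

def parse_expires(value):
    for fmt in EXPIRES_FORMATS:
        try:
            return datetime.strptime(value.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    raise ValueError("unrecognised expires value: %r" % value)

def audit_cookie_expiry(raw_headers, client_now):
    """Compare each cookie's expires with the server's Date and the client's clock."""
    server_date, cookies = None, []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "date":
            server_date = parsedate_to_datetime(value.strip())
        elif sep and name.strip().lower() == "set-cookie":
            cookies.append(value.strip())
    if server_date is None:
        raise ValueError("response has no Date header")
    findings = []
    for cookie in cookies:
        pair, *attrs = [part.strip() for part in cookie.split(";")]
        for attr in attrs:
            key, _, val = attr.partition("=")
            if key.strip().lower() == "expires":
                expires = parse_expires(val)
                findings.append({
                    "name": pair.split("=", 1)[0],
                    "server_lifetime": expires - server_date,  # what the server intended
                    "clock_skew": client_now - server_date,    # client clock minus server clock
                    "expired_on_client": expires <= client_now,  # browser discards it if True
                })
    return findings

if __name__ == "__main__":
    # Assumed client clock: a few days ahead of the server, as the answer describes.
    client_now = datetime(2012, 2, 1, 10, 0, 0, tzinfo=timezone.utc)
    for f in audit_cookie_expiry(SAMPLE_RESPONSE, client_now):
        print(f)
```

A cookie reported with a positive server_lifetime but expired_on_client set to True points at clock skew rather than at browser cookie settings.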
Reputation: 3796
If you are loading the ASP.NET website within an IFRAME, you will need to include P3P headers. See "Cookie blocked/not saved in IFRAME in Internet Explorer".
I believe your site is working on Chrome, Firefox etc since you specifically mentioned IE9.
Upvotes: 0