authentication cookie not persist

[BH]

I developed a small web app using the FormsAuthentication class to set a
cookie (FormsAuthentication.SetAuthCookie(value, isPersist)). The cookie
persists fine on my local PC when "isPersist" is true and I can see the
cookie file in the cookies folder on my disk. However, after I migrated the
application to a server, the cookie is no longer written to the disk. It's
still in memory and as long as I don't close the browser instance, the user
is kept authenticated, but the cookie just doesn't persist to the disk.
It's exactly the same build and the virtual dirs are the same too. Any
environment change I have to make to the .NET framework on the server?

Thanks for any suggestions.

Bob

 

[John Saunders]

Both my PC and the server are on the same Windows network domain if that's
what you meant.

No. I meant domain in terms of cookies. For instance, for a cookie set for
http://msdn.microsoft.com could be set for domain "msdn.microsoft.com", in
which case it would be sent to all pages under msdn.microsoft.com or
foo.msdn.microsoft.com. It would not be sent to www.microsoft.com. But if
the domain were set to "microsoft.com", the cookie would be sent both to
msdn.microsoft.com and www.microsoft.com.

The domain for http://localhost/ is string.Empty.
--
John Saunders
Internet Engineer
(e-mail address removed)

I also found that any authentication ticket created and added to
Response.Cookies doesn't persist. However, if I just add a plain cookie
(like the two lines below), it persists regardless whether the web app is on
my PC or on the server.
Response.Cookies["test"].Value = "abc";
Response.Cookies["test"].Expires = DateTime.Now().AddDays(3);

migrated
the

This sounds like it might be an issue with browser security settings. Your
browser is willing to accept the cookie, but is not willing to persist it.

Is the domain different between your server and your local PC? Is it being
set when your code is running on the server?

 

[BH]

ic, but I don't see how you can set the cookie domain when calling
FormsAuthentication.SetAuthCookie.

Another thing is I tried the app directly in IE on the server via Terminal
Service using the http://localhost/myApp , the cookie is not written to the
disk either....

Both my PC and the server are on the same Windows network domain if that's
what you meant.

No. I meant domain in terms of cookies. For instance, for a cookie set for
http://msdn.microsoft.com could be set for domain "msdn.microsoft.com", in
which case it would be sent to all pages under msdn.microsoft.com or
foo.msdn.microsoft.com. It would not be sent to www.microsoft.com. But if
the domain were set to "microsoft.com", the cookie would be sent both to
msdn.microsoft.com and www.microsoft.com.

The domain for http://localhost/ is string.Empty.
--
John Saunders
Internet Engineer
(e-mail address removed)

I also found that any authentication ticket created and added to
Response.Cookies doesn't persist. However, if I just add a plain cookie
(like the two lines below), it persists regardless whether the web app

is

on
my PC or on the server.
Response.Cookies["test"].Value = "abc";
Response.Cookies["test"].Expires = DateTime.Now().AddDays(3);

I developed a small web app using the FormsAuthentication class to

set

a