
I am getting an error on my live site which I am not seeing on my Dev environment, and it seems to only happen with Chrome. I have looked around a bit for a solution to this and I find issues only with the Auth cookie (I actually raised an issue about Chrome and the auth cookie in the past), but this is different.

I store the users cart in a cookie. I set the cookie like so

HttpCookie responseCookie = HttpContext.Response.Cookies[CartHelper.CART];
responseCookie.PackCartCookie(vm.Cart);

Where the extension method PackCartCookie sets the cookie value like so

cookie.Value = HttpUtility.UrlEncode(cookieValue);

This results in a cookie being stored with the following settings

  • Domain = www.foo.com
  • RawSize = 230b
  • Path = /
  • Expires = Session
  • HttpOnly = HttpOnly
  • Value = Encrypted

When a user is interacting with the site it seems that the Cart Cookie is being created but it is being lost or dropped from time to time. When I look at the Elmah error and review HTTP_COOKIE I can see all the other cookies (I have others set in the same way which function fine) but I do not see the cart cookie.

I have had to change code to be more defensive because of this issue. But as you can imagine, the cart cookie is used throughout the purchase process and I have had failures when responding to a purchase where I accept payment but the system crashes as the cart is gone and the user is not notified of a successful buy. Luckily I caught this early and refunded the users affected.

User Agents where I have seen the issue

  • Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36
  • Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36
  • Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36
Shiva Saurabh
KevDevMan
  • The cookie is Session only, are you redirecting to another site or service to handle the payments? If so the session will be dead and hence the cookie gone.... – Mesh Sep 04 '13 at 08:30
  • I am not redirecting but I am hosting a payment portal in an iFrame which calls back to the site. But why do my other session cookies survive and this one does not? – KevDevMan Sep 04 '13 at 09:03
  • What size are your other cookies? On Chrome I think the total size can only be 4k. http://stackoverflow.com/q/2543851/15710. I'm not sure a cookie is the best way to store a user's cart; ASP.Net has other methods, Session for example. – Mesh Sep 04 '13 at 09:40
  • It's not the cookie size; combined, all my cookies don't make 1k. I have noticed that Chrome sometimes makes two of my session cookies, each with different domains (I am not setting the domain via code, which could be the issue). One with a domain www.mysite.com and the other with just .mysite.com. Could the issue be with my cookie domain value? – KevDevMan Sep 04 '13 at 09:50
  • Yep that sounds like it – Mesh Sep 04 '13 at 10:02
  • You didn't install a Chrome cookie monster extension? – Bronumski Sep 10 '13 at 15:55
  • Hope you are calling Response.Cookies.Add somewhere in the code... – Saravanan Dec 24 '13 at 16:32
  • iFrames contain a different domain and window object, so the auth cookie wouldn't be passed to the iFrame. – tzengia Jan 02 '14 at 20:59

1 Answer


Let me give you a solution. I have used cookies for storing most of the values here, and it works in all browsers and is stored for the particular mentioned time. For this I have used static classes to be accessible everywhere.

I have also encoded and decoded here, but you can store this by removing the encoding and decoding and passing the normal value. Here's my code.

Here I put my class with the static methods. I used HttpSecureCode with Encode and Decode using machine key cryptography, which might not be available by default in this case. You can directly put the value instead.

If you are very particular about using HttpSecureCode then use this link for building up your class

using System;
using System.Web;

// HttpSecureCookie is the helper class the answer refers to; it is not part of System.Web.
public class CookieStore
{
    // Stores an encoded value under the given key for the given lifetime.
    public static void SetCookie(string key, string value, TimeSpan expires)
    {
        HttpCookie encodedCookie = HttpSecureCookie.Encode(new HttpCookie(key, value));

        if (HttpContext.Current.Request.Cookies[key] != null)
        {
            // The browser already sent this cookie: update it and send it back.
            var cookieOld = HttpContext.Current.Request.Cookies[key];
            cookieOld.Expires = DateTime.Now.Add(expires);
            cookieOld.Value = encodedCookie.Value;
            HttpContext.Current.Response.Cookies.Add(cookieOld);
        }
        else
        {
            // First write: send the newly encoded cookie.
            encodedCookie.Expires = DateTime.Now.Add(expires);
            HttpContext.Current.Response.Cookies.Add(encodedCookie);
        }
    }

    // Returns the decoded value, or an empty string when the cookie is absent.
    public static string GetCookie(string key)
    {
        string value = string.Empty;
        HttpCookie cookie = HttpContext.Current.Request.Cookies[key];

        if (cookie != null)
        {
            // The stored value is encoded, so decode it before use.
            HttpCookie decodedCookie = HttpSecureCookie.Decode(cookie);
            value = decodedCookie.Value;
        }
        return value;
    }
}

Using these you can easily store values in a cookie and fetch the value whenever required.

Using these methods is as simple as

For Setting Cookie:

CookieStore.SetCookie("currency", "GBP", TimeSpan.FromDays(1)); // 1 is the number of days for the cookie to live

For Getting Cookie:

string currency = CookieStore.GetCookie("currency");
Shiva Saurabh
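Added example, not code from the question or the answer: a cart cookie helper that covers the two points raised on this page, the comments' suspicion about the same cookie appearing under www.mysite.com and .mysite.com, and the answer's machine-key encoding. It assumes .NET Framework 4.5 or later for MachineKey.Protect and Unprotect; CartCookie, CookieName, CookieDomain and Purpose are hypothetical names, and the host is a placeholder.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;
// Added example; CartCookie, CookieName, CookieDomain and Purpose are hypothetical.
public static class CartCookie
{
    private const string CookieName = "cart";               // assumed name
    private const string CookieDomain = "www.example.com";  // placeholder host
    private const string Purpose = "CartCookie.v1";         // ties the bytes to this use

    public static void Write(HttpContextBase ctx, string cart, TimeSpan lifetime)
    {
        // Protect encrypts and signs with the application's machine key.
        byte[] sealedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(cart), Purpose);
        var cookie = new HttpCookie(CookieName, HttpServerUtility.UrlTokenEncode(sealedBytes))
        {
            // Browsers key cookies by name, domain and path: use the same
            // Domain and Path on every write or a second cookie is created.
            Domain = CookieDomain,
            Path = "/",
            HttpOnly = true,                          // not readable from script
            Secure = ctx.Request.IsSecureConnection,  // use true on an HTTPS-only site
            Expires = DateTime.UtcNow.Add(lifetime)
        };
        ctx.Response.Cookies.Set(cookie);  // replaces a pending cookie of this name
    }

    // Returns the cart, or null when no copy of the cookie verifies.
    public static string Read(HttpContextBase ctx)
    {
        HttpCookieCollection cookies = ctx.Request.Cookies;
        for (int i = 0; i < cookies.Count; i++)  // by index: names may repeat
        {
            HttpCookie candidate = cookies[i];
            if (candidate.Name != CookieName) continue;
            try
            {
                byte[] raw = HttpServerUtility.UrlTokenDecode(candidate.Value ?? "");
                if (raw == null || raw.Length == 0) continue;
                return Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose));
            }
            catch (FormatException) { }         // not valid base64url: try the next copy
            catch (CryptographicException) { }  // failed verification: try the next copy
        }
        return null;
    }
}
```

A null from Read is the case the purchase flow has to handle before taking payment, since it covers both a dropped cookie and one that fails verification.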