1

Although this question may seem as a duplicate of other questions, it is not.

I have a basic asp.net web application and I simply want to retrieve client time. Here are the problems I encountered:

1- Using C# code DateTime.Now basically gives the dateTime of the place of the server. So obviously it is not useful.

2- Then, I tried to get the datetime from JavaScript (browser time). Past stackoverflow questions suggest that I should use a HiddenField. But it is useful as long as a button ignites a functions which would assign datetime value to a hiddenfield. I tried to assign the datetime value to hiddenfield with window.onload function (so that hiddenvalue can get datetime when the page loads). Another problem occured: according to asp.net page lifecycle, javascript code comes after the page_load event. So another fail.

3- Here is the ultimate solution I came up with:

First, I wrote a JS function that creates a cookie of the offset when called:

function createZoneCookie() {

            var zone = new Date().getTimezoneOffset() / -60

            var date = new Date();
            date.setTime(date.getTime() + (30 * 24 * 60 * 60 * 1000));
            expires = "; expires=" + date.toGMTString();

            document.cookie = "clienttzone=" + zone + expires + "; path=/";
        }

Then, I used the following code located in the codebehind(c#):

 protected void Page_Load(object sender, EventArgs e)
    {
        if (Request.Cookies["clienttzone"]==null)
        {
            ScriptManager.RegisterStartupScript(this,GetType(), "Javascript", "javascript:createZoneCookie(); ", true);

        }
    }

It works fine, but!! As you know user can access to my js function using the inspect (F12) button in their browser. Thus, they can alter my code and give a false dateTime or even worse create their own arbitrary cookies. And as I was told, it is impossible to make a JS code invisible to the user.

How the hell do people retrieve user timezone without compromising sensitive code?

PLUS Is there a way by which the server side code can use a client-side returning-function? Let me clarify:

ScriptManager.RegisterStartupScript(this,GetType(), "Javascript", "javascript:createZoneCookie(); ", true);

I have used the above code to run a function from the server side but as you know the createZoneCookie function is a void-type function.

My question is: can I get a value from a JS function from the C# side of my code?

this question didn't work because the accepted answer doesn't adress to the question of serverside-clientside value pass.

xandune
  • 55
  • 6
  • You might want to include which questions look like duplicates but aren't, and why they aren't what you need. This looks on target: https://stackoverflow.com/questions/2853474/can-i-get-the-browser-time-zone-in-asp-net-or-do-i-have-to-rely-on-js-operations – Scott Hannen Dec 13 '21 at 20:46
  • You can't. Your code is a guest on the client machine, behave like a good guest. I may have all sorts of settings on my PC that have no relationship to its geographical location (language, formats, offset, etc.), so don't expect that they will. Just deal with things as they appear. – RobG Dec 14 '21 at 00:18
  • BTW, your function that "*creates a cookie of the timezone*" doesn't, it just gets the offset. ;-) – RobG Dec 14 '21 at 00:22
  • @ScottHannen You are right. I included the link you referred into my question and explained why it isn't what I am looking for. Will do the same for other similar question that didn't work for me. Thanks – xandune Dec 14 '21 at 16:16
  • @RobG Yeah you are right, I was so focused with the question I subconsciously simplified the function to its ultimate purpose. Thanks for pointing that out... – xandune Dec 14 '21 at 16:18
  • The client and the server won't share the same cookies. Ultimately the client will pass the offset to the server in the request, like in the body or the header. Yes, the client can pass a bogus value. You can validate it to prevent, for example, a 43-hour offset. Other than that, if the client modifies the request to "lie" about the time zone, how bad is that, really? – Scott Hannen Dec 14 '21 at 16:49
  • @ScottHannen well I agree, normally it wouldn't be a big problem. But I am trying to make a web app similar to gmail so by modifying that cookie users can mix the order of the mails (received mails are ordered by their sent time). But you are right, as a worst case scenario I'll give up – xandune Dec 14 '21 at 18:14

0 Answers0