For some time this has been a problem, but very sporadic and difficult to isolate.
From time to time, authenticated browsers in a web application have been open for some time, they have registered and left the same web application several times, they have several tabs in almost any browser (Chrome, IE, Firefox, Safari) and, apparently, by chance, they lose the ability to save AuthCookie after installation and to accompany redirection. Closing the browser and starting a new session solves the problem, as did opening another browser and attempting authentication.
Our team uses authentication for all of our websites and web applications. This is a fairly typical setting, in which the login form is displayed, the user enters the credentials, and the cookie is set in the click postbackback event, then redirection occurs on the same page where the cookie is then linked and used to complete authentication.
In this situation
FormsAuthentication.FormsCookieName = ".WebAuth"
Inside the event:
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, Username, DateTime.Now, DateTime.Now.AddMinutes(SessionTimeout), false, Username); HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket)); Response.Cookies.Add(faCookie); Response.Redirect(Request.RawUrl, true);
After redirecting to PreInit:
HttpCookie authCookie = Request.Cookies[cookieName];
At this point, the authCookie variable is usually not null, but in these isolated circumstances that I described above, the cookie is returned after the redirect.
This happens in a very random way, sometimes a few weeks before affecting one of our developers. As I said, restarting the browser fixes the problem.
Today it happened on our dev server when using Chrome. I registered with the application, allowed the application to wait for a session, and then tried to log in again. When trying to log in, the cookie could not be set. I remotely connected Visual Studio to a process on the server to start debugging. All the time when I could execute my code, even deploy new versions of the code on the server with updates, restart the application, restart IIS on the server, attach and join the project, and the problem persists in Chrome. In Firefox, I was able to authenticate without problems.
From Chrome, the login will be verified, try setting Cookie Response as described above. Before the redirect, I could see the correctly set Cookie Response, as well as a copy of it in the cookie files. However, with each redirect after an apparently successful login to the cookie system, the Response and Request Cookies are gone.
I turned on Trace in the app to view the collection of cookies:
The request cookie collection also contains .WebAuth, as well as ASP.NET_SessionId and several ASPSESSIONIDxxxxxxxx, but when loading the page, only ASP.NET_SessionId and ASPSESSIONIDxxxxxxxx cookies are available in the Request.Cookies area, there are no .WebAuth signs. However, there are several cookies in the page trace information after rendering. WebAuth, it is just that the page does not seem to have access to them.
First of all, in the working version, after authentication, the Trace info page has both .WebAuth Response and Request Cookie. But in a broken browser window Cookie Response is missing.
Anyone else have experience? This is such a grumbling problem and so sporadic, but I would really like to solve it. I am concerned that this may affect users, and we will not know, because the description of the problem is so confusing.