This has to be a very common question, but my search did not come up with an
answer.
I needed to set an expiration time for a cookie. In .NET, is seems that the
server-side code is used to set the expiration date of the cookie. More
specifically, I've seen several examples (from the Microsoft site) where the
cookie information, including the expiration date is set on the server. I
wonder how this can work. If the client and server do not have the same time
stamp, how can this work. For example, if the expiration time is 20 min and
the client is 12 hours forward in time, as soon as the request returns to
the client, the cookie is expired and no longer "issued".
It seems to me that the server either needs to take into account, the
client's time when the expiry time is set.
I noticed that in some documentation, the expires flag is supposed to use
GMT. But if the user plays with the date
on their machine, the cookie may be prevented from expiring.
What is wrong with my logic?
Thanks
Rick 4 2214
Since the server is the one issuing the cookie and doing so on their 'clock'
it logically makes sense that the expiration date specified is that of the
server. In other words, the server has no knowledge of what time zone,
date, etc. of the requesting client computer. Why should it? It's not
necessary and having all the cookies issued timed/date stamped under one
clock makes things a whole lot easier for the server to manage state.
The server sends cookie information to the requesting source, the web
browser. From there, expiration and removal of the cookie is the browser's
responsibility. In creating the actual cookie (file) the browser may
translate GMT to local time when creating the cookie.
Hope this helps.
--
Peter O'Reilly
> Since the server is the one issuing the cookie and doing so on their
'clock' it logically makes sense that the expiration date specified is that of the server.
Thanks for your response.
(Assuming that the client and server has the same time zone but for what
ever reason, the clocks are out of sync.)
Is this not the problem.
I mean, the server specifies (logically) 3:00 PM July 27 (expiry for 10 min)
The client machine has 9:00 PM July 27. So technically, this cookie has
expired.
As I understand from the description, the Browser will not issue the cookie
any more since it is expired
an it will not get persisted. This is what I observed in some software that
I'm working with. The symptom is
that the Login page keeps re-appearing. If I synchronize the time, then the
problem goes away. However,
on the internet, I have no control over client's time.
Thanks
Rick
"Peter O'Reilly" <Pe***********@timeinc.com!N!O!.S!P!AM!> wrote in message
news:ut**************@tk2msftngp13.phx.gbl... Since the server is the one issuing the cookie and doing so on their
'clock' it logically makes sense that the expiration date specified is that of the server. In other words, the server has no knowledge of what time zone, date, etc. of the requesting client computer. Why should it? It's not necessary and having all the cookies issued timed/date stamped under one clock makes things a whole lot easier for the server to manage state.
The server sends cookie information to the requesting source, the web browser. From there, expiration and removal of the cookie is the
browser's responsibility. In creating the actual cookie (file) the browser may translate GMT to local time when creating the cookie.
Hope this helps. -- Peter O'Reilly
> Since the server is the one issuing the cookie and doing so on their
'clock' it logically makes sense that the expiration date specified is that of the server.
Thanks for your response.
(Assuming that the client and server has the same time zone but for what
ever reason, the clocks are out of sync.)
Is this not the problem.
I mean, the server specifies (logically) 3:00 PM July 27 (expiry for 10 min)
The client machine has 9:00 PM July 27. So technically, this cookie has
expired.
As I understand from the description, the Browser will not issue the cookie
any more since it is expired
an it will not get persisted. This is what I observed in some software that
I'm working with. The symptom is
that the Login page keeps re-appearing. If I synchronize the time, then the
problem goes away. However,
on the internet, I have no control over client's time.
Thanks
Rick
"Peter O'Reilly" <Pe***********@timeinc.com!N!O!.S!P!AM!> wrote in message
news:ut**************@tk2msftngp13.phx.gbl... Since the server is the one issuing the cookie and doing so on their
'clock' it logically makes sense that the expiration date specified is that of the server. In other words, the server has no knowledge of what time zone, date, etc. of the requesting client computer. Why should it? It's not necessary and having all the cookies issued timed/date stamped under one clock makes things a whole lot easier for the server to manage state.
The server sends cookie information to the requesting source, the web browser. From there, expiration and removal of the cookie is the
browser's responsibility. In creating the actual cookie (file) the browser may translate GMT to local time when creating the cookie.
Hope this helps. -- Peter O'Reilly
Any Comments?
Thanks
"Rickey Tom" <ri********@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl... Since the server is the one issuing the cookie and doing so on their 'clock' it logically makes sense that the expiration date specified is that of
the server.
Thanks for your response.
(Assuming that the client and server has the same time zone but for what ever reason, the clocks are out of sync.)
Is this not the problem. I mean, the server specifies (logically) 3:00 PM July 27 (expiry for 10
min) The client machine has 9:00 PM July 27. So technically, this cookie has expired. As I understand from the description, the Browser will not issue the
cookie any more since it is expired an it will not get persisted. This is what I observed in some software
that I'm working with. The symptom is that the Login page keeps re-appearing. If I synchronize the time, then
the problem goes away. However, on the internet, I have no control over client's time.
Thanks Rick
"Peter O'Reilly" <Pe***********@timeinc.com!N!O!.S!P!AM!> wrote in message news:ut**************@tk2msftngp13.phx.gbl... Since the server is the one issuing the cookie and doing so on their 'clock' it logically makes sense that the expiration date specified is that of
the server. In other words, the server has no knowledge of what time zone, date, etc. of the requesting client computer. Why should it? It's not necessary and having all the cookies issued timed/date stamped under one clock makes things a whole lot easier for the server to manage state.
The server sends cookie information to the requesting source, the web browser. From there, expiration and removal of the cookie is the browser's responsibility. In creating the actual cookie (file) the browser may translate GMT to local time when creating the cookie.
Hope this helps. -- Peter O'Reilly
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Yossi |
last post by:
I want to set the asp session id path property.
how can I do that?
I mean, asp session id is stored in a cookie and like any other cookie
it should have properties (or attributes), how can I...
|
by: socialism001 |
last post by:
I'm trying to store a value in a cookie but its not working. Can
anyone see what I might be doing wrong.
Thanks,
Chris
~~~~~~~~~~~~~~~~~~
<script language="javascript">...
|
by: VB Programmer |
last post by:
PLEASE HELP....
I'm having trouble. In my login form after I've verified the
username/password are valid I do this:
Select Case iMyPrivilege
Case 0
Dim arrRoles() As String = {"guest"}...
|
by: Bill Borg |
last post by:
Hello all,
I am working on forms authentication and trying to understand: what's the
relationship between the cookie expiration and the ticket expiration? I
create a cookie and I add an...
|
by: jensen bredal |
last post by:
Hello,
i'm struggling with a somehow badly understood session scenario.
I provide acces to my pages based on form authentication using
Session cookies.
Som of my pages are supposed to be...
|
by: serge calderara |
last post by:
Dear all,
I try to make some test on how to use basic cookie but get some trouble in
the sens that I was not able to read back previous cretaed cookies.
In page_load event I have the following...
|
by: Phillip N Rounds |
last post by:
I'm having trouble with using cookies to monitor the stages of login.
I have a two stage Registration page ( register.aspx ) and my target page
( MyPage.aspx )
I'm using a cookie named LoginStatus...
|
by: zorro |
last post by:
Greetings,
I want users to select the duration time of their sessions. I'm able to
do it by setting the PHPSESSID cookie duration. Is this reliable, or is
it not recommended for some reason?
...
|
by: cmrchs |
last post by:
Hi,
In Windows Vista: where does asp.net write its cookies?
I use
HttpCookie objCookie = new HttpCookie("nameCookie");
in Win2000 (and later) they used to be in
C:\Documents and...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |