A Very interesting cookie problem

Rakesh Roberts wrote:

I think I have a very interesting cookie problem.
I use form authentications on my application. Through out my
application I started using a toggle control that persists its value
for the session using cookies that it writes to on the client side
(using javascript). What happens sometimes it that the application
forces the user back to the authentication page ( the login page). I
suspect this has something to do with the limit on the number of
cookies per site (i read somewhere it being 20 per site and 300 per
client).

Is there a workaround for this situation?

Your forms auth seems to be expiring (or at least ASP.NET thinks so).

Here's the official word from Netscape's site:

There are limitations on the number of cookies that a client can store
at any one time. This is a specification of the minimum number of
cookies that a client should be prepared to receive and store.

* 300 total cookies
* 4 kilobytes per cookie, where the name and the OPAQUE_STRING
combine to form the 4 kilobyte limit.
* 20 cookies per server or domain. (note that completely specified
hosts and domains are treated as separate entities and have a 20 cookie
limitation for each, not combined)

Servers should not expect clients to be able to exceed these limits.
When the 300 cookie limit or the 20 cookie per server limit is exceeded,
clients should delete the least recently used cookie. When a cookie
larger than 4 kilobytes is encountered the cookie should be trimmed to
fit, but the name should remain intact as long as it is less than 4
kilobytes.

Interesting that the least used cookie could possibly be the forms auth
one. That one is checked every page request.....

Are you supposed to have this many cookies from your domain? Are you
sure you're not creating multiple ones yourself when not wanted?

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET

Rakesh Roberts wrote:

I think I have a very interesting cookie problem.
I use form authentications on my application. Through out my
application I started using a toggle control that persists its value
for the session using cookies that it writes to on the client side
(using javascript). What happens sometimes it that the application
forces the user back to the authentication page ( the login page). I
suspect this has something to do with the limit on the number of
cookies per site (i read somewhere it being 20 per site and 300 per
client).

Is there a workaround for this situation?

Your forms auth seems to be expiring (or at least ASP.NET thinks so).

Here's the official word from Netscape's site:

There are limitations on the number of cookies that a client can store
at any one time. This is a specification of the minimum number of
cookies that a client should be prepared to receive and store.

* 300 total cookies
* 4 kilobytes per cookie, where the name and the OPAQUE_STRING
combine to form the 4 kilobyte limit.
* 20 cookies per server or domain. (note that completely specified
hosts and domains are treated as separate entities and have a 20 cookie
limitation for each, not combined)

Servers should not expect clients to be able to exceed these limits.
When the 300 cookie limit or the 20 cookie per server limit is exceeded,
clients should delete the least recently used cookie. When a cookie
larger than 4 kilobytes is encountered the cookie should be trimmed to
fit, but the name should remain intact as long as it is less than 4
kilobytes.

Interesting that the least used cookie could possibly be the forms auth
one. That one is checked every page request.....

Are you supposed to have this many cookies from your domain? Are you
sure you're not creating multiple ones yourself when not wanted?

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET