I had to disable cookies for some testing in a web application. now for some reason in IE I cannot get cookies working on localhost any more. They work as expected in Safari, Firefox, and Chrome, but for some unknown reason I cannot for the life of me get cookies working on localhost. I have tried literally every setting imaginable with absolutely no luck. If I change the Url to 'localhost." it works as expected, but when I just use "localhost", without the "." period, cookies are absolutely not written. What the heck did i do? I tried upgrading to IE 9 and that didn't work. I reverted back to IE 8 and still have the same problem. I'm going absolutely mad trying to firgure out what is causing this. I tried tools, internet options, privacy, advanced, and explicit tell the browser to accept all 1st and 3rd party cookies and I'll be damned if I'm on a localhost site, the cookies are not written. This has worked perfect in the past, so it's no doubt some setting I changed but I cannot for the life of me figure out what the hell is going on. If anyone has any idea of how I can remedy this, please do let me know. I've tried every setting imaginable with absolutely no luck. I hate internet explorer but that a conversation for a different day.
go into tools, internet options, advanced, and hit the reset button. Put everything back to factory defaults :)
At my wit's end, I just decided to try using http://127.0.0.1/... instead of http://localhost/.... It works. Had a similar problem with Safari and same solution worked there. Hope it works for you.
Were you by chance using a tool like Fiddler2? Check your connection settings etc... I have had IE get hung in a weird state after using web proxy tools.
#Hcabnettek try to set IE caching settings to Always Refresh from server in Developer Tools.
That might be problem and also try adding one extra querystring containing some random values to your page URL every time because you can never be sure about cache is enabled or disabled at client side, so adding random values in URL's querystring will trigger IE to load new cache for that different page URL.
Hope that helps you, because it helped me also.
Related
At my work, we are finally upgrading our old Identity Server 3 to 4. We just got a very weird problem doing so. Everything works fine in all major browsers, but we also need to support some Electron clients. Here is where the weird part begins. All very old clients using Electron version 3 still work. All newer clients starting at Electron 9 also work. The only clients that don't work are the ones using Electron 6 (Chrome 76).
I already found this very helpful article written by Sebastian Gingter which helped to get the login working. But it only got me one step further. Now the client gets stuck at the connect/authorize/callback endpoint using the response_mode = form_post.
I already found some articles/stackoverflow questions pointing out to check the redirect URIs and to downgrade the CSP to version 1. The redirect URIs are configured correctly since the other clients work. The CSP does not help since I don't even get that far. It seems that the response body is never even loaded by Electron/Chrome.
Devtools Timing Screenshot
The request never finishes. On the server-side, it does though. I debugged through the IS 4 code and the dynamic HTML is written to the response like with all the other clients. I even called CompleteAsync() on the response manually and it still did not finish.
I researched and debugged for quite some time now and am out of ideas. Does anyone out there know this issue and more importantly also knows how to fix it?
We have two sites with different subdomains. Sometimes our employees lose their cookies (they are just gone) on both domains at the same time so they get logged out.
I don't really see how our app can be responsible, because we have different server configurations (and for each site there're multiple servers btw). I guess only nginx versions (1.10.3) are the same. Plus this does not explain why do they get logged out on both sites at the same time.
If it helps, we use rails (3/5), unicorn (4.8.3/5.3.0), on older app sessions are stored in redis and in the new one in cookies.
So I wonder maybe there're some browser (security) policies when it clears cookies. Maybe on some ssl connection error, ip changes or whatever.
I understand that this is not definitive problem description but it seems like magic to us atm so I hope that someone encountered something like this.
P.S. btw we tried to ask one of our employees to use firefox instead of Chrome (that is used by all of them) but it does not seem to be making any difference (he wasnt logged out for a week but then he was like every 20 minutes)
I've seen a lot of different topics about this but none of the have solved my problem. I can't even reach my mvc site. I get this error before i even get to my loginpage. It seems that there is some problems with the cookies that it saves the cookies for to long but i have set it to not save the cookies at all now. I have changed the properties in my .csproj file that i found one topic about but i still have the same error. I have deleted all the cookies in this mapp "AppData\Roaming\Microsoft\Windows\Cookies" in hope to delete the cookie that is to long but this didn't solve my problem.
I'm starting to think that maybe this have nothing to do with the cookies? Plz help!
I'm starting to think that maybe this have nothing to do with the cookies?
That is correct, this has nothing to do with cookies. As per MSDN, 404.15 indicates the query string is longer than IIS is configured to accept.
As for why your query string is too long, I can only guess. But something in your application is adding too much information to the URL.
I am using the code from this article: http://weblogs.asp.net/jeff/archive/2009/07/01/304-your-images-from-a-database.aspx to cache the images I am returning from the database but I am having a problem when the user changes the image the browser is not going back to the server to check the timestamp.
I have tested this in Chrome and IE9 and chrome almost always goes back to the server to check the timestamp and if it has been edited it returns the new image, IE9 never does unless I ctrl+F5 to refresh the page.
Is there a cross browser solution that anyone knows of to make sure the browser always makes a call to the server so I can check the timestamp?
Many thanks for any help.
Setting the expiration date to the current date/time forced it to always check with the server.
Response.Cache.SetExpires(DateTime.Now);
The same solution of user351711 with a different syntax:
Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
In one of my MVC3 web applications I have recently noticed some strange looking Urls in the analytics reports.
The Urls look like they have an encoded value injected into the route but seem to match the routes as if the encoded value was not there.
Normal Url
/MyWebsite/Controller/Action
Appears in the logs occasionally as
/MyWebsite/(F(B5l-uGhiwA7p6lMmAdzwc27qHH8p5Kdmy5l3ixub7-meZ315Xm-uOtFl_w8RRdki4pf_yhRysEOVZ93xPV3yxDkn5XhXaY5PLara_kiqFb8BlHDZkzqv6wHgOgMTWgUF0))/Controller/Action
I have tested this on the server and local machine and it resolves to the controller regardless of the presence of the inserted value.
They appear to follow a certain pattern so I tested using other variations
/MyWebsite/(F(anything-here))/Controller/Action
Resolves fine, I can also replace the F with any other letter
/MyWebsite/(A(anything-here))/Controller/Action
However, putting more than 1 letter or other character in place of the F does not resolve
/MyWebsite/(AB(anything-here))/Controller/Action = 404 Error
I thought it may be something to do with Cookieless sessions but the information I have found suggests that this isn't supported in MVC anyway. Does anyone know what this is, or if it is anything to worry about?
EDIT:
Turning off cookies for a local browser, I set the session state to 'Auto Detect' in IIS manager and it gave me a key in the URL that looks strikingly similar to the pattern described above.
When I try to actually log in without Cookies it doesn't seem to work, but perhaps that's another issue.
Setting IIS manager to 'Use Cookies' and accessing using a browser with cookies turned off (I used Opera with option 'Never accept cookies' in Advanced preferences) didn't seem to create the URL as before, but judging by the similarities it must at least explain why it matches the routes.
Since IIS is set to 'Use Cookies' on my server, I'm not sure why the URLs are being generated, but at least I now know what they are. Perhaps this is an attempt at Session hijacking...
This does indeed look like session data stored in the URL. It's a feature of ASP.NET and works just fine with MVC as well. Look in the IIS manager for the Session State icon of your website and it's Cookie Settings Mode is most likely set to Auto Detect. This might cause it to fall back to URI mode in case cookies are not supported.