We are using the following code to create the security cookie. Everything works fine in Staging environment, however in the production environment the following code is unable to create a cookie in Safari, Chrome or IE but it does create a cookie successfully in Firefox. anything that you guys think i am missing or is wrong in here ?
我们使用以下代码来创建安全cookie。在Staging环境中一切正常,但是在生产环境中,以下代码无法在Safari,Chrome或IE中创建cookie,但它确实在Firefox中成功创建了cookie。你们认为我遗失或错在这里的任何事情?
public static void SetAuthenticationCookie(CustomIdentity identity)
{
ConfigSettings configSettings = ConfigHelper.GetConfigSettings();
string cookieName = configSettings.CookieName;
if (cookieName == null || cookieName.Trim() == String.Empty)
{
throw new Exception("CookieName entry not found in Web.config");
}
string cookieExpr = configSettings.CookieExpiration.ToString();
string encryptedUserDetails = Encrypt(identity);
HttpCookie userCookie = new HttpCookie(cookieName.ToUpper());
if (cookieExpr != null && cookieExpr.Trim() != String.Empty)
{
userCookie.Expires = DateTime.Now.AddMinutes(int.Parse(cookieExpr));
}
userCookie.Values["UserDetails"] = encryptedUserDetails;
userCookie.Values["Culture"] = configSettings.Customer.Culture;
MyContext.Current.Response.Cookies.Add(userCookie);
}
3 个解决方案
#1
Safari and IE8 don't accept third-party cookies by default.
Safari和IE8默认不接受第三方cookie。
When you call out to another domain using JSONP, every cookie set by that script will be blocked by Safari and IE8. There is nothing you can do about that (in IE8, you could add a P3P policy, but that doesn't work in Safari).
当您使用JSONP呼叫另一个域时,该脚本设置的每个cookie都将被Safari和IE8阻止。你无能为力(在IE8中,你可以添加一个P3P策略,但这在Safari中不起作用)。
There are workarounds for maintaining state across JSONP calls, but it's pretty complicated (you'll have to manage state manually and use document.cookie in the called javascript)
有关于在JSONP调用中维护状态的解决方法,但它非常复杂(您必须手动管理状态并在调用的javascript中使用document.cookie)
As an alternative, you can ask your users to lower the privacy settings in their browser, but this isn't something worth considering IMHO.
作为替代方案,您可以要求您的用户降低浏览器中的隐私设置,但这不是值得考虑的恕我直言。
#2
did you check whether you have Web Developer add-on and disabled cookies? or disabled cookies inside of FF?
你检查过你是否有Web Developer附加和禁用cookie? FF内部或禁用的cookie?
#3
I've seen this issue related to the server having the incorrect UTC date/time. Firefox accepts regardless of the server date/time but other browsers won't set the cookie if the date/time is outside of a certain margin of error.
我见过这个问题与服务器的UTC日期/时间不正确有关。无论服务器日期/时间如何,Firefox都会接受,但如果日期/时间超出一定的误差范围,则其他浏览器不会设置cookie。
#1
Safari and IE8 don't accept third-party cookies by default.
Safari和IE8默认不接受第三方cookie。
When you call out to another domain using JSONP, every cookie set by that script will be blocked by Safari and IE8. There is nothing you can do about that (in IE8, you could add a P3P policy, but that doesn't work in Safari).
当您使用JSONP呼叫另一个域时,该脚本设置的每个cookie都将被Safari和IE8阻止。你无能为力(在IE8中,你可以添加一个P3P策略,但这在Safari中不起作用)。
There are workarounds for maintaining state across JSONP calls, but it's pretty complicated (you'll have to manage state manually and use document.cookie in the called javascript)
有关于在JSONP调用中维护状态的解决方法,但它非常复杂(您必须手动管理状态并在调用的javascript中使用document.cookie)
As an alternative, you can ask your users to lower the privacy settings in their browser, but this isn't something worth considering IMHO.
作为替代方案,您可以要求您的用户降低浏览器中的隐私设置,但这不是值得考虑的恕我直言。
#2
did you check whether you have Web Developer add-on and disabled cookies? or disabled cookies inside of FF?
你检查过你是否有Web Developer附加和禁用cookie? FF内部或禁用的cookie?
#3
I've seen this issue related to the server having the incorrect UTC date/time. Firefox accepts regardless of the server date/time but other browsers won't set the cookie if the date/time is outside of a certain margin of error.
我见过这个问题与服务器的UTC日期/时间不正确有关。无论服务器日期/时间如何,Firefox都会接受,但如果日期/时间超出一定的误差范围,则其他浏览器不会设置cookie。