4

I developed an ASP.NET MVC website, using the nopCommerce platform. Everything works ok on the production server, but I recently encountered a problem regarding cookies, on the development server. The browser receives the cookie, but it does not set it. I can see the Set-Cookie statement in the headers or the actual cookie in the cookies tab, using browser developer tools. Why does the browser not set this cookie? 

Set-Cookie:Pentrugatit.client=78deb2e0-59fb-4193-a53e-da35377ece8b; expires=Fri, 19-Jun-2015 19:33:10 GMT; path=/; HttpOnly

the received cookie

the Pentrugatit.client cookie is not set

You can access the website here, as long as my development server is turned on.

Update:

I also tested from another computer in the network. Same thing happening. The cookies are not set, altough they are received in the response headers.

Update 2:

It has something to do with the expires date. If I remove the expires property of the cookie, then it is succesfully set as a session cookie. But I do not understand what the problem is. My system date is set correctly, and the cookie expires date is also set correctly, according to the specifications.

Any ideas what the problem might be?

Marius Stănescu
  • 3,603
  • 2
  • 35
  • 49
  • I have Chrome - Version 35.0.1916.153 m. I can register a new user, and login with new user in [your site](http://cerebro.go.ro/kitchen2.0). Could you test it with private browsing? – Win Jun 19 '14 at 20:15
  • Does not work for me with private browsing either ... Could you also test if you can add products to the shopping cart without being logged in? There is a different cookie. Add some products to the shopping cart, then check the shopping cart page, please. – Marius Stănescu Jun 19 '14 at 20:55

1 Answers1

2

Which version of nopCommerce are you using?

nopCommerce has a browserCaps feature that blocks unknown browsers (which are then considered as bots) from storing cookies. Old browserCaps can incorrectly recognize a valid browser as a bot if the browser version did pass the rules in browserCaps.

The file can be found under: Presentation\Nop.Web\browserCaps.config. If you are using an old version of nopCommerce, you can just copy the latest version (nopCommerce 3.30) of the same file to replace your current version.

:)

UPDATE 2014-06-24:

After some analysis, it turned out the date returned by IIS is wrong. Similar issue: https://serverfault.com/questions/217343/date-header-returned-by-iis7-is-wrong

Community
  • 1
  • 1
wooncherk
  • 1,364
  • 7
  • 10
  • Thank you for the answer. I am using nopCommerce 3.10. I downloaded the source for 3.30 and checked for differences in the browserCaps.config file, but there aren't any. So this is not problem. In addition, I explained that I receive the cookie in the response, but this cookie is not set in the browser. Any other ideas are very welcome. – Marius Stănescu Jun 23 '14 at 09:44
  • I am not sure why your cookie reads "Pentrugatit.client=...". It should read "Nop.customer=...". Have you changed anything there? Perhaps you've changed WebWorkContext.cs? :) – wooncherk Jun 23 '14 at 14:02
  • Yes, I have changed its name a while ago. Everything worked fine after the change. I don't think this problem is related to the cookie name. I only changed the cookie name, nothing else. – Marius Stănescu Jun 23 '14 at 17:54
  • When I check the response header, I saw the server sending back the date with - Date:Tue, 26 Sep 2017 11:45:24 GMT. I believe the correct behavior would be to calculate the expiry time based on server date instead of browser date. This could be the reason. Perhaps you should reset the server date to an accurate date? – wooncherk Jun 24 '14 at 07:28
  • The expiry date is based on the server date. Here is the code: *cookie.Expires = DateTime.Now.AddHours(24*365);*. What do you mean by "Perhaps you should reset the server date to an accurate date"? – Marius Stănescu Jun 24 '14 at 07:45
  • If you analyse the response header, you find that the date returned by IIS is wrong: http://i.minus.com/ibnaHmtKZ51eii.JPG – wooncherk Jun 24 '14 at 08:05
  • Oh, now I see. I am pretty sure that is why the cookie is not set (Date: 2017, Expires: 2015). Do you have any idea why that date in the response headers is not the same as the system date? My system date is fine (24.06.2014). In the meanwhile, maybe you can put the above comment in an answer, so that I can mark it as answer. – Marius Stănescu Jun 24 '14 at 08:34
  • Answer updated, together with possible fixes for the IIS issue. :) – wooncherk Jun 24 '14 at 08:39