搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Why are cookies not updated in the request when meta refresh is used?

  • 1 个回答
  • 5 人有此问题
  • 9 次查看
  • 最后回复者为 jimberg98

more options

I've written a web site that uses IIS Forms Authentication. It's configured to use authentication tickets with a sliding expiration. FireFox allows the ticket to expire while it works fine with Internet Explorer.

The web site uses a Keep Alive page that uses the meta refresh tag to periodically post back to the server to keep authenticated. This is done because some users have a need to use another web site that does not run in IIS and we don't want their authentication to time out while they are there.

I used Fiddler to monitor the requests and responses and found that when IIS sends the updated cookie with the authentication ticket containing the revised expiration date, the cookie appears to be accepted by FireFox (according to CookieSafe as recorded in the error console Ctrl-shift-J). When the meta refresh occurs, the browser sends the original request with the obsolete cookie. This keeps occurring until the expiration time is up on the ticket. IIS keeps sending new cookies but they seem to be ignored. IE, on the other hand, accepts the cookie and you see it in the next request for the keep alive page.

I figure it might be related to caching, but I think I disabled that and it still does it. I'm going to try adding a random code to the KeepAlive url but I can't see why that should matter. Why wouldn't FireFox send the cookies as the values are set? I'm hoping this can be fixed with a simple config change.

I've written a web site that uses IIS Forms Authentication. It's configured to use authentication tickets with a sliding expiration. FireFox allows the ticket to expire while it works fine with Internet Explorer. The web site uses a Keep Alive page that uses the meta refresh tag to periodically post back to the server to keep authenticated. This is done because some users have a need to use another web site that does not run in IIS and we don't want their authentication to time out while they are there. I used Fiddler to monitor the requests and responses and found that when IIS sends the updated cookie with the authentication ticket containing the revised expiration date, the cookie appears to be accepted by FireFox (according to CookieSafe as recorded in the error console Ctrl-shift-J). When the meta refresh occurs, the browser sends the original request with the obsolete cookie. This keeps occurring until the expiration time is up on the ticket. IIS keeps sending new cookies but they seem to be ignored. IE, on the other hand, accepts the cookie and you see it in the next request for the keep alive page. I figure it might be related to caching, but I think I disabled that and it still does it. I'm going to try adding a random code to the KeepAlive url but I can't see why that should matter. Why wouldn't FireFox send the cookies as the values are set? I'm hoping this can be fixed with a simple config change.

所有回复 (1)

more options

I was able to figure out what the problem was. The initial authentication cookie had a blank cookie domain while the new cookies that IIS would try to reissue had a domain name. IE doesn't seem to care but FireFox did. FireFox should have logged an error but instead said it was accepted.

My app works as it's supposed to now.