Chrome losing cookies

Question

I am getting a error on my live site which i am not seeing on my Dev environment and it seems to only happen with Chrome. I have looked around a bit for a solution to this and i find issues only with the Auth cookie. (I actually raised an issue about chrome and the auth cookie in the past) but this is different.

I store the users cart in a cookie. I set the cookie like so

HttpCookie responseCookie = HttpContext.Response.Cookies[CartHelper.CART];
responseCookie.PackCartCookie(vm.Cart);

Where the extension method PackCartCookie set the cookie value like so

cookie.Value = HttpUtility.UrlEncode(cookieValue);

This results is a cookie being stored with the following settings

• Domain = www.foo.com
• RawSize = 230b
• Path = /
• Expires = Session
• HttpOnly = HttpOnly
• Value = Encrypted

When a user is interacting with the site it seems that the Cart Cookie is being created but it is being lost or dropped from time to time. When i look at the Elmah error and review HTTP_COOKIE I can see all the other cookies (I have others set in the same way which function fine) but i do not see the cart cookie.

I have had to change code to be more defensive because of this issue. But as you can imagine the cart cookie is used through out the purchase process and i have had fails when responding to a purchase where i accept payment but the system crashes as the cart is gone and the user is not notified of a successful buy. Luckily i caught this early and refunded users affected.

User Agents where I have seen the issue

• Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36
• Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36
• Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.62 Safari/537.36

Answer 1

let me give you a solution. i have used the cookies for storing most of the values here and is very much working in all browsers and is stored for the particular mentioned time. for this i have used static classes to be accessible every where.

I have also encoded and decoded here. but you can store this by removing encoding and decoding and passing normal. Here's my code

Here i put my class with the static methods. I used HttpSecureCode with Encode and Decode using machine key cryptography. which might not be available by default in this case. you can directly put the value instead.

If you are very particular about using HttpSecureCode then use this link for building up your class

public class CookieStore
{
    public static void SetCookie(string key, string value, TimeSpan expires)
    {
        HttpCookie encodedCookie = HttpSecureCookie.Encode(new HttpCookie(key, value));

        if (HttpContext.Current.Request.Cookies[key] != null)
        {
            var cookieOld = HttpContext.Current.Request.Cookies[key];
            cookieOld.Expires = DateTime.Now.Add(expires);
            cookieOld.Value = encodedCookie.Value;
            HttpContext.Current.Response.Cookies.Add(cookieOld);
        }
        else
        {
            encodedCookie.Expires = DateTime.Now.Add(expires);
            HttpContext.Current.Response.Cookies.Add(encodedCookie);
        }
     }
    public static string GetCookie(string key)
    {
        string value = string.Empty;
        HttpCookie cookie = HttpContext.Current.Request.Cookies[key];

        if (cookie != null)
        {
            // For security purpose, we need to encrypt the value.
            HttpCookie decodedCookie = HttpSecureCookie.Decode(cookie);
            value = decodedCookie.Value;
        }
        return value;
    }

}

using these you can easily store values in cookie and fetch value whenever required

using these methods is as simple as

For Setting Cookie:

CookieStore.SetCookie("currency", "GBP", TimeSpan.FromDays(1)); // here 1 is no of days for cookie to live

For Getting Cookie:

string currency= CookieStore.GetCookie("currency");