
set-cookie seemingly ignored by Chrome but not IE? Weird expiration issue? 302 Redirect? Good Gawd, y'all

I'm setting a cookie with an expiration date via ASP.NET using code similar to this:

// persist is passed in to the method as a parameter
System.Web.Security.FormsAuthenticationTicket ticket = new System.Web.Security.FormsAuthenticationTicket(
    1, uname, DateTime.UtcNow, DateTime.UtcNow.AddDays(30), persist, "some custom string data here");

string encrypted_ticket = System.Web.Security.FormsAuthentication.Encrypt(ticket);

HttpCookie auth_cookie = new HttpCookie(System.Web.Security.FormsAuthentication.FormsCookieName, encrypted_ticket);
auth_cookie.HttpOnly = true;

if (persist) //passed in to method as parameter
{
     auth_cookie.Expires = DateTime.UtcNow.AddDays(30);
}
auth_cookie.Domain = ".mydomainname.com";
Response.Cookies.Set(auth_cookie);

I am additionally setting another cookie in the same request to persist some other data, and then I redirect to another page.

The following header comes through on the response

HTTP/1.1 302 Found
Location: /redirect_to_this_page
Set-Cookie:.myAuthCookie=TRUNCATED_ENCRYPTED_DATA_FOR_READABILITY; domain=.mydomainname.com; expires=Sun, 27-Nov-2011 20:27:16 GMT; path=/; HttpOnly
Set-Cookie:__MyOtherCookie=; domain=full.mydomainname.com; expires=Thu, 28-Oct-2010 20:27:24 GMT; path=/; HttpOnly

On the request for the /redirect_to_this_page, I don't see the header being sent for some reason.

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:__utma=113888769.1619895090.1322774580.1322774580.1322774580.1; __utmb=113888769.5.8.1322774827282; __utmc=113888769; __utmz=113888769.1319833259.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=
Host:full.mydomainname.com
Referer:http://full.mydomainname.com/referring_page_that_set_cookies
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2

Any ideas how to solve this issue? The __MyOtherCookie gets set on every request.

Thanks
Mustafa


EDIT

Some discoveries: IE9 works properly. Chrome does not set the cookie after getting the Set-Cookie header if it has an expiration date.

So if I send the cookie without an expiration (so it gets treated like a session cookie by the browser, killed when the browser is closed), the cookie is always set properly and all requests contain the correct cookie.

In the words of Jon Stewart.... Whaaa?

Mustafakidd asked Oct 28 '11 20:10


2 Answers

We had the same issue with Chrome (version 21.0.1180). Although we saw the expiration date in the header, some Chrome installations on Windows XP ignored it. We then removed the expiration date, and Chrome accepted and kept the session cookie without problems.

Alvaro Brange answered Sep 28 '22 05:09


We had similar symptoms when moving our code from one server to another. Our login would set an expiring cookie on a redirect when login was successful. On the new server Firefox worked fine but Chrome and Safari failed (I didn't try IE). All worked on the old server. After comparing the headers/responses of two cases, I discovered the server time on the new server was set so that the time provided in the cookie expiration had already passed when the cookie was set!

We were serving stale cookies.

Setting the time properly on the new server made it work.

Assumption: FF works because it compares the expiration timestamp with the response header's Date: value - the other two must use the local machine's OS time?

John Y. answered Sep 28 '22 05:09
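The header comparison described in the second answer can be scripted. The following is an added example, not code from the question or either answer: it reads a raw response head, compares each Set-Cookie Expires value with the response's Date header and with a reference client clock, and reports cookies that are already expired when they arrive. The function names, cookie names, the Date header and the client time are constructed for illustration.

```python
import re
from datetime import datetime, timezone

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
# Accepts both "27-Nov-2011" (the form in the question's headers) and "27 Nov 2011".
DATE_RE = re.compile(r"(\d{1,2})[ -]([A-Za-z]{3})[ -](\d{4}) (\d\d):(\d\d):(\d\d) GMT")

def parse_http_date(value):
    m = DATE_RE.search(value)
    if not m:
        raise ValueError(f"unrecognised HTTP date: {value!r}")
    day, mon, year, hh, mm, ss = m.groups()
    return datetime(int(year), MONTHS.index(mon.lower()) + 1, int(day),
                    int(hh), int(mm), int(ss), tzinfo=timezone.utc)

def audit_set_cookies(raw_response, client_now):
    """Return (client-minus-server skew, {cookie_name: verdict}) for one response head."""
    server_date, cookies = None, []
    for line in raw_response.splitlines():
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "date":
            server_date = parse_http_date(value)
        elif name == "set-cookie":
            cookies.append(value.strip())
    skew = client_now - server_date if server_date else None
    verdicts = {}
    for cookie in cookies:
        pair, *attrs = [p.strip() for p in cookie.split(";")]
        expires = next((parse_http_date(a.split("=", 1)[1]) for a in attrs
                        if a.lower().startswith("expires=")), None)
        if expires is None:
            verdict = "session"
        elif server_date and expires <= server_date:
            verdict = "deleted by server"   # in the past even by the server's own clock
        elif expires <= client_now:
            verdict = "stale on arrival"    # future for the server, past for the client
        else:
            verdict = "persistent"
        verdicts[pair.split("=", 1)[0]] = verdict
    return skew, verdicts

# Constructed sample: the server clock is about 34 days behind the client clock.
SAMPLE = """HTTP/1.1 302 Found
Date: Fri, 28 Oct 2011 20:27:16 GMT
Set-Cookie: auth=CONSTRUCTED; domain=.example.test; expires=Sun, 27-Nov-2011 20:27:16 GMT; path=/; HttpOnly
Set-Cookie: other=; expires=Thu, 28-Oct-2010 20:27:24 GMT; path=/; HttpOnly
Set-Cookie: sid=CONSTRUCTED; path=/; HttpOnly"""
CLIENT_NOW = datetime(2011, 12, 1, 21, 23, 0, tzinfo=timezone.utc)
print(audit_set_cookies(SAMPLE, CLIENT_NOW))
```

A "stale on arrival" verdict together with a large skew points at the server clock (or the client clock) rather than at the cookie code.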