Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Strange problem with cookies in Safari and Asp.net

I have a strange problem on my login page in Asp.net this problem only happens with Safari.

When the user is validated I fetch the name of the user from the database (the field in the database is UTF8) and save it in a cookie. The problem is that when the user has a name with special characters I get redirected to the page where I came from without being logged in. For example "Moller" works fine and the user is logged in but not "Møller".

Again this is only happening with Safari and when I have special characters in the name. The row that isn't working is: Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);

This is my code:

string userid = validUserWithEmail(TextBoxEmail.Text, TextBoxPassword.Text);
if (userid != null) {
    //VALID USER
    Response.Cookies["userInfo"].Expires = DateTime.Now.AddDays(30);
    Response.Cookies["userInfo"]["name"] = getNameFromUserid(userid);

    FormsAuthentication.RedirectFromLoginPage(userid, CheckBoxPersistCookie.Checked);
} 
else
{
    //NOT A VALID USER SHOW A MESSAGE FOR THE USER OR SOMETHING
}
like image 326
Martin Avatar asked Mar 16 '11 15:03

Martin


1 Answers

Safari will not set cookies with non-ASCII characters in their value and other browsers can be unpredictable in how they display non-ASCII characters. As semi-colon is also not allowed in cookie values for any browser I would recommend using UrlEncode/UrlDecode.

If you are just writing the cookie and do not have control over the site reading/displaying the value to put in the URLDecode you can also do something like this:

ckCookie.Value = (Server.HtmlEncode( strSpecialCharacters )).Replace(";","");

This will ensure the full string is set in the cookie and Safari, Chrome, Firefox and IE will still recognize the html codes even without the ; and does not require decoding when read.

For a longer answer on cookie specs see: Allowed characters in cookies

like image 56
Luke Avatar answered Oct 05 '22 13:10

Luke