I came across a most unusual issue with an ASP.NET website – all users on the website were finding that their logins were good for only a couple of minutes before they were being logged out. After about a week, users were completely unable to log in. As soon as an attempt was made, they were redirected back to the login screen with no error messages displayed. Interestingly, this was only happening with IE (a least versions 8, 9 and 10) and also with Safari. Firefox and Chrome were not affected. Also, if an incorrect username or password was used the expected error message was displayed.
The website uses the built-in membership ASP.NET modules with a slightly modified database and has a cookie set with a 30-minute sliding expiration. After much clearing of cookies and caches it turns out the solution was a lot simpler than anticipated.
In case you’re experiencing the same issue and this saves you countless hours and handfuls of hair: check your server time. If you run a script showing UTC time to be off by anything but a few minutes, you’re going to get invalid cookies, which are rejected immediately by IE and Safari. The other browsers don’t appear to be too picky about this, but if you are seeing issues limited to these browsers it’s a fairly good indicator that this is the source of your issue.
It’s always the simplest solutions that solve the most frustrating problems…
Leave a Reply
You must be logged in to post a comment.