Why won't asp.net create cookies in localhost?

Question

Okay, this is really kinda starting to bug me. I have a simple Web project setup located at: "C:\Projects\MyTestProject\". In IIS on my machine, I have mapped a virtual directory to this location so I can run my sites locally (I understand I can run it from Visual Studio, I like this method better). I have named this virtual directory "mtp" and I access it via http://localhost/mtp/index.aspx. All this is working fine.

However, whenever I try to create a cookie, it simply never gets written out? I've tried this in FF3 and IE7 and it just plain won't write the cookie out. I don't get it. I do have "127.0.0.1 localhost" in my hosts file, I can't really think of anything else I can do. Thanks for any advice.

James

What are you using to check for the existence of the cookie? — John Sheehan, Dec 23 '08 at 22:17
Could you provide a sample code for the cookie creation part? — Darin Dimitrov, Dec 23 '08 at 22:18
Possible duplicate of http://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain/27870967#27870967 — john ktejik, Jan 09 '15 at 23:30

Sire · Answer 1 · 2017-12-07T13:10:14.533

94

The cookie specs require two names and a dot between, so your cookiedomain cannot be "localhost". Here's how I solved it:

Add this to your %WINDIR%\System32\drivers\etc\hosts file: 127.0.0.1 dev.livesite.com
When developing you use http://dev.livesite.com instead of http://localhost
Use ".livesite.com" as cookiedomain (with a dot in the beginning) when creating the cookie. Modern browsers doesn't require a leading dot anymore, but you may want to use anyway for backwards compability.
Now it works on all sites:

edited Dec 07 '17 at 13:10

answered Apr 26 '10 at 14:31

Sire

3,620
3
33
67

5

Awesome post, why is this not selected as the answer? – contactmatt May 14 '13 at 19:53
3

This is definitely the answer. – Jacobs Data Solutions Nov 06 '15 at 20:13
127.0.0.1 dev.livesite.com doesnt work for me. I get HTTP Error 500.19 - Internal Server Error The requested page cannot be accessed because the related configuration data for the page is invalid. – djack109 May 06 '16 at 20:19
1

This is very useful information, as I was wondering why cookies I'd made were being deleted between debugging sessions – Omar.Ebrahim Aug 05 '16 at 13:44
3

Then how does ASP.NET session work for localhost? Clearly it's storing cookies for the session. I can see them in my cookie inspector. Is the trick to set the path to "/"? – Triynko Nov 03 '16 at 17:58
1

Bad Request - Invalid Hostname – omikes May 25 '17 at 11:30
Do you have a source for this? – Vincent Dec 01 '17 at 12:43
Source: RFC 2109, 6265. Modern browsers doesn't require a leading dot anymore. Read more: https://stackoverflow.com/a/20884869/2440 I've updated the answer. – Sire Dec 07 '17 at 13:08

score 16 · Answer 2 · answered May 28 '14 at 18:03

16

Since an answer has never been chosen, I suppose I can still throw something else out there.

One reason you can run into no cookies being written with an application running under localhost is the httpCookies setting in the web.config. If the domain attribute was set to a specific domain and you run under localhost, the cookies did not get written for me.

Remove the domain attribute in development and the cookies are written:

<!-- Development -->
<httpCookies httpOnlyCookies="true" requireSSL="false" />
<!-- Production -->
<!--<httpCookies domain=".domain.com" httpOnlyCookies="true" requireSSL="true" />-->

answered May 28 '14 at 18:03

Jason Eades

1,015
3
12
26

great, saved me few hours of research. thought something is with my code. thanks son – sensei Oct 25 '17 at 08:45
This seems like a dangerous practice. Easy to forget/miss when publishing. – user158443 Nov 15 '19 at 15:01
1

@user158443 You wouldn't have these lines in the same config. The xml I posted was to illustrate a possible cause of the problem not a recommendation on what your config file should look like. At the very least you would handle this with config transformations or similar. – Jason Eades Dec 19 '19 at 22:02
Setting the requireSSL to "false" worked for me. – sd4ksb Nov 30 '20 at 17:50

score 0 · Answer 3 · answered Dec 23 '08 at 22:21

0

Are you assigning an expiration date to the cookie? By default, the cookie will expire when the browser session expires, meaning it won't write anything to disk.

answered Dec 23 '08 at 22:21

Robert C. Barth

20,631
6
43
52

Why won't asp.net create cookies in localhost?

3 Answers3

Linked