ASP.NET Help! FireFox is eating my cookies!

IE works fine, but FireFox does not.

I am setting a cookie on my default.aspx page:

    HttpCookie hc = new HttpCookie("guid", guid.ToString());
    hc.Expires = DateTime.Parse("12/12/2010");
    Response.Cookies.Add(hc);

My upload control (I'm using SWFUpload) submits to upload.aspx.

On upload.aspx I call:

    if (Reque开发者_开发百科st.Cookies["guid"] != null)
    {
       // Do something.
    }

...my cookie only contains my ASP.NET session variable. Any ideas?

I have had the same issue when trying to upload files in Firefox through my Flex application. If you're also using Flash, you may want to do what I did; if you're using the HTML controls, this may or may not apply.

What I did to work around the Firefox issue is issue a one-time use token on the server, then post that token when doing the upload (for example, it could be a hidden field in the form). If the token is recognized upon upload, the upload is processed, then the token is expired. So it's basically what you're doing, only without using a cookie.

This is what I used to add/get cookie values. Works for me in both IE and FF

addCookie:

HttpCookie c = new HttpCookie("myCookie");
c.Expires = new DateTime(2050, 1, 1);
c.Values.Add("key", "value");

getCookie:

string value = Request.Cookies["myCookie"]["key"];

Behind the scenes, you are probably setting the same cookie twice. Firefox and IE probably differ on which one they choose to keep. ASP.NET likes to set a "guid" cookie automatically in a lot of web applications. By choosing that name, you are bound to create tension between the automatic logic and your own. The best way to see what is happening is to load the Live HTTP Headers add-on to Firefox. It will allow you to see exactly what cookie commands are being sent over to the end-user. You can also force a similar problem to see it recreated:

HttpCookie hc = new HttpCookie("testcookie", "xyz");
hc.Expires = DateTime.Parse("12/12/2010");
Response.Cookies.Add(hc);
hc = new HttpCookie("testcookie", "abc");
Response.Cookies.Add(hc);

This results in an HTTP header with two Set-Cookie calls:

Set-Cookie: testcookie=xyz; expires=Sun, 12-Dec-2010 07:00:00 GMT; path=/
Set-Cookie: testcookie=abc; expires=Sun, 12-Dec-2010 07:00:00 GMT; path=/

From there, it is up to the browser to decide whether first or last is the final value. If two browsers do it differently, you end up with the situation you describe. Install the Live HTTP Headers add-on and look for something similar. At the very least, you should probably consider "guid" to be a cookie name that you should use in an ASP.NET forms app.

If you absolutely need to have multiple places set the same cookie, try to find it first (create a new one if it doesn't exist). This will ensure you are overriding the value of the existing cookie rather than creating another cookie with the same name.

HttpCookie hc = Response.Cookies["testcookie"];
if (null == hc) {
    hc = new HttpCookie("testcookie");
    Response.Cookies.Add(hc);
}
hc.Value = "xyz";

First off, there's a type-safe constructor for DateTime, which is new DateTime(2010, 12, 12).

Second, you're using different names for your cookie: guid vs applicationGuid. Use either, not both.