Why are my cookies containing JSON occasionally malformed | ansaurus

tags:

cookies
json

views:

186

answers:

1

Q:

Why are my cookies containing JSON occasionally malformed

We're using a cookie for some non-sensitive convenience data about our site visitors. We emit three values: 1) creation date (in ticks), 2) user data, JSON serialized, 3) validation hash

We're seeing a fair number of requests coming in with only half a cookie. They contain the full date and truncated user data, something like {"Foo":false,"Bar":0

This is a high-volume site, and the number of bad cookies looks to be about 1-3 per minute (out of 8-10 thousand page requests per minute).

Anyone experience anything similar? I'm wondering if we have a browser that doesn't like the JSON, or maybe the header is getting truncated by some browsers, or maybe there's a JSON serializer bug. We're using the JavaScriptSerializer in .NET 3.5.

+1 A:

unencoded embedded commas and over stuffed cookies are the typical causes of this behavior

Sky Sanders 2010-02-24 20:53:49

Makes good sense - JSON generates commas, and we are not currently encoding the result. I am going to look at encoding the JSON data and get back to you.

Stuart 2010-02-24 21:41:00

Added url encoding - won't know for sure until the change makes it to production and experiences our normal load, but the header certainly looks "righter".

Stuart 2010-02-25 15:58:15

@stuart - yeah, seems pretty obvious to me. also, you need to be really really aware of how big your cookies are and how many cookies you have because cookie overflow is a silent killer. lol...

Sky Sanders 2010-02-25 16:08:05

I didn't encode the entire cookie, and saw an interesting side effect as a result: http://stackoverflow.com/questions/2342253/do-some-browsers-encode-cookies

Stuart 2010-02-26 14:33:20

related questions

Storing xml data in a cookie

Best way to secure an AJAX app

Is it possible to delete subdomain cookies?

What are the possible causes of a CGI::Session::CookieStore::TamperedWithCookie exception in rails

How do I access cookies within Flash?

Cookies and subdomains

Accessing Domain Cookies within an iFrame on Internet Explorer

Web Dev - Where to store state of a shopping-cart-like object?

Can JQuery read/write cookies to a browser?

Can you reliably set or delete a cookie during the server side processing of an Ajax (XHR) call?

How can I add cookies to Seaside responses without redirecting?

passing or reading .net cookie in php page

Best way for allowing subdomain session cookies using Tomcat

Why can't I delete this cookie?!

Apache Download: Make sure that page was viewed before download

Secure session cookies in ASP.NET over HTTPS

Always including the user in the django template context

How do you set up use HttpOnly cookies in PHP

How exactly do you configure httpOnlyCookies in ASP.NET?

How do you configure HttpOnly cookies in tomcat / java webapps?

How do HttpOnly cookies work with AJAX requests?

What is the best way to prevent session hijacking?

Associating source and search keywords with account creation

How would you implement FORM based authentication without a backing database?

How do I stop IIS7 dropping my cookies?