creating a cookie failing with safari, chrome, ie but working with FF

Question

We are using the following code to create the security cookie. Everything works fine in Staging environment, however in the production environment the following code is unable to create a cookie in Safari, Chrome or IE but it does create a cookie successfully in Firefox. anything that you guys think i am missing or is wrong in here ?

public static void SetAuthenticationCookie(CustomIdentity identity)
     {
      ConfigSettings configSettings = ConfigHelper.GetConfigSettings();

      string cookieName = configSettings.CookieName;
      if (cookieName == null || cookieName.Trim() == String.Empty)
      {
       throw new Exception("CookieName entry not found in Web.config");
      }

      string cookieExpr = configSettings.CookieExpiration.ToString();

      string encryptedUserDetails = Encrypt(identity);

      HttpCookie userCookie = new HttpCookie(cookieName.ToUpper());
      if (cookieExpr != null && cookieExpr.Trim() != String.Empty)
      {
       userCookie.Expires = DateTime.Now.AddMinutes(int.Parse(cookieExpr));
      }
      userCookie.Values["UserDetails"] = encryptedUserDetails;
      userCookie.Values["Culture"] = configSettings.Customer.Culture;

      MyContext.Current.Response.Cookies.Add(userCookie);
     }

Answer 1

did you check whether you have Web Developer add-on and disabled cookies? or disabled cookies inside of FF?

Answer 2

I've seen this issue related to the server having the incorrect UTC date/time. Firefox accepts regardless of the server date/time but other browsers won't set the cookie if the date/time is outside of a certain margin of error.

Answer 3

Safari and IE8 don't accept third-party cookies by default.

When you call out to another domain using JSONP, every cookie set by that script will be blocked by Safari and IE8. There is nothing you can do about that (in IE8, you could add a P3P policy, but that doesn't work in Safari).

There are workarounds for maintaining state across JSONP calls, but it's pretty complicated (you'll have to manage state manually and use document.cookie in the called javascript)

As an alternative, you can ask your users to lower the privacy settings in their browser, but this isn't something worth considering IMHO.