Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Users who use certain client computers cannot log on to an ASP.NET application that uses forms authentication after you apply the daylight saving time 2007 update on the Web server that hosts the application
| Article ID | : | 934413 |
| Last Review | : | December 3, 2007 |
| Revision | : | 1.3 |
SYMPTOMS
Consider the following scenario. You have a Microsoft ASP.NET application that uses ASP.NET forms authentication. You apply the daylight saving time (DST) 2007 update on the Web server or the Web servers that host this application. In this scenario, users who use certain client computers can no longer log on to the application.
When the user enters the correct credentials, that user is not redirected to the requested Web page as expected. Instead, the affected user is returned to the logon page.
Back to the top
CAUSE
This issue occurs if the client computer has not been updated by using the DST 2007 update.
When a user logs on to ASP.NET forms authentication, the Web server issues a cookie to the client computer. By default, this cookie is set to expire 30 minutes after it was issued. This expiration time is based on the time zone difference from Coordinated Universal Time (Greenwich Mean Time).
Important The clock on the client computer may display the correct time. This problem occurs because the time zone information on the client computer is incorrect.
For example, the following behavior may occur:
| • | A cookie is sent from a Web server that is located on the East Coast of the United States. |
| • | This cookie is sent at 14:00 (2:00 P.M.). Therefore, the cookie expiration time is calculated by using the following formula: The starting time is 14:00. Five hours is added to calculate Coordinated Universal Time (UTC). One hour is subtracted to account for DST. Finally, 30 minutes is added to set the cookie expiration time. Therefore, the cookie is set to expire at 18:30 UTC. |
| • | The client computer receives the cookie. However, the client computer has not been updated for the 2007 DST changes. |
| • | The time on the client computer is 14:00 (2:00 P.M.). However, because the time zone information is incorrect, the following calculation is made: The starting time is 14:00. Five hours is added to calculate UTC. The resulting time on the client computer is 19:00 UTC. Therefore, according to the client computer, the cookie expired 30 minutes before the client computer received the cookie. |
Because the cookie is in an expired state, the Web browser on the client computer cannot return the cookie to the Web server. Therefore, the client cannot authenticate successfully.
Back to the top
RESOLUTION
To resolve this issue, update the client computers by using the DST 2007 update. For more information, visit the following Microsoft Web sites:
Back to the top
WORKAROUND
To work around this issue, modify the expiration time of the ASP.NET forms authentication cookie. Configure the cookie to expire in 120 minutes instead of 30 minutes. To do this, follow these steps:
| 1. | In a text editor, open the Web.config file of the affected ASP.NET application. By default, the Web.config file is located in the root folder of the ASP.NET application. |
| 2. |
In this file, locate the following lines of code:<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx" protection="All" path="http://support.microsoft.com" timeout="30" /> |
| 3. | In the code, change the timeout value to 120. This value corresponds to the expiration of the cookie in minutes. When you modify this value, the cookie expiration allows for more than one hour of time difference between the Web server and the client computer. |
| 4. | Save the changes to the Web.config file, and then exit the text editor.
The ASP.NET application automatically restarts. |
Back to the top
STATUS
This behavior is by design.
Back to the top
APPLIES TO
| • | Microsoft ASP.NET 2.0 |
| • | Microsoft .NET Framework 2.0 |
Back to the top
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please
