Question

I'm stumped. I have an MVC3 application that is using FormsAuthentication with a custom token (storing some additional user data). It works in IE. In Firefox and Chrome, however, the cookie is not obeyed.

Examination in Fiddler shows that upon login the cookie is sent to the client in the response, but on the subsequent request from the client (to load the main page after login) the cookie is NOT sent back to the server.

My code:

    var encryptedCookieString = FormsAuthentication.Encrypt(ticket);
    var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedCookieString);
    cookie.Expires = ticket.Expiration;
    HttpContext.Current.Response.Cookies.Add(cookie);

And fetching the cookie:

    var cookie = HttpContext.Current.Request.Cookies.Get(FormsAuthentication.FormsCookieName);

And the web.config for the Auth setting:

    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>

I've looked at both Firefox and Chrome browsers and cannot see anywhere where cookies are turned off.

At first I thought this might be an issue with developing on localhost, so I deployed to a training server. Same story - works in IE, doesn't work in Chrome or Firefox.

Any clues?

Update

A coworker of mine was able to access it with Chrome and it worked for him. So I have to believe this is a fault with my Chrome/Firefox. Also, I am on a VPN and using Remote Desktop into my dev machine. Could this be causing the issue?


Solution

The answer is: The cookie is too big.

It took me some time to figure this out. We're storing a lot of extra user data in the cookie (to prevent repeat queries to the DB) and the cookie exceeded the 4Kb that most browsers allow.
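
An added example, not part of the original answer: one way to catch an oversized forms-authentication cookie on the server before it is sent, while keeping only a short lookup key in the ticket's user data. The class name `AuthCookieBuilder`, the 4096-byte limit and the 200-byte attribute headroom are assumptions chosen for illustration.

```csharp
using System;
using System.Text;
using System.Web;
using System.Web.Security;

public static class AuthCookieBuilder
{
    // Assumed budget: roughly 4096 bytes per cookie, counting name, value
    // and attributes, so some headroom is reserved for the attributes.
    private const int MaxCookieBytes = 4096;
    private const int AttributeHeadroom = 200;

    // userData should be a short key (for example a user or session id);
    // the bulky profile data stays server-side and is looked up by that key.
    public static HttpCookie Build(string userName, string userData, bool persistent)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(FormsAuthentication.Timeout),
            persistent, userData, FormsAuthentication.FormsCookiePath);

        // Encryption expands the payload, so measure the encrypted form.
        string encrypted = FormsAuthentication.Encrypt(ticket);
        int size = Encoding.UTF8.GetByteCount(FormsAuthentication.FormsCookieName)
                 + 1 // the '=' between name and value
                 + Encoding.UTF8.GetByteCount(encrypted);

        if (size > MaxCookieBytes - AttributeHeadroom)
        {
            // Fail on the server so the problem shows up in logs and tests
            // rather than as a cookie the browser never sends back.
            throw new InvalidOperationException(
                "Auth cookie is " + size + " bytes; reduce the ticket's user data.");
        }

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted)
        {
            Path = FormsAuthentication.FormsCookiePath,
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL  // follows the web.config setting
        };
        if (persistent)
        {
            cookie.Expires = ticket.Expiration;
        }
        return cookie;
    }
}
```

Keeping only a key in the ticket also limits how much user information travels to the client on every request.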

OTHER TIPS

Is it possible that in authentication's forms node in web.config you have cookieless="UseDeviceProfile" or "AutoDetect"?

If so, change it to cookieless="UseCookies"

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow