Cookies and Globalization in Community Server v2.1

Most of the installations of Community Server I run need to have the Greek language as the default language. Although Community Server does just fine with Greek as the default language, there are always points that need some more work…

The complaint I received most, is that a user cannot logout/terminate a session – he may follow the logout link, but the browser seems to hang!

Community Server uses cookies to store information about a user’s session. It uses a cookie to remember the last weblog the user had visited in My Blogs, or the last photo gallery in My Photos or the last file gallery in My Files… There is a lot of information stored in cookies, but do not be afraid, the critical information is encrypted.

After checking IIS logs, I found out that when a user was navigating at logout.aspx, the logout.aspx was redirecting the user in the same page, again and again, putting him in a loop…

Checking Community Server’s source code for logout.aspx page, one can see that the page is deleting user’s cookies and redirecting him to the same page in order to confirm that. So, if the user does not logout, the cookies do not delete! Well, the hypothesis looks awkward – the browser refuses to delete cookies – so I had to look deeper!

I had the idea to monitor the traffic between the browser and the web server, and being an IE user, I installed Fiddler. I deleted all my cookies and I began surfing the website that was running with Greek as the default language, in order to capture the traffic.

Going through the Control Panel and while I was working with weblogs in My Blogs, I found out, I could not change weblog – I could make a choice to work with a blog, but later, when I chose another weblog, I found myself working with the first weblog.

The same was happening with the photo galleries and the file galleries! Having a closest look at the captured traffic, I was almost sure that this behavior was due to a bug in the browser. What I could not understand was why this behavior was replicating only on my site!

Then I had the idea to capture the traffic between my browser and communityserver.org. By comparing the captured data between the two sites, I found out the cookies I was receiving from communityserver.org were easier to read, regarding the cookies from the website that was running with Greek as the default language. The captured data from the latest site had a lot of noise in the cookies that stored the last visit of the user, and the last action of the user.

Comparing the dates written in the cookies, it hit me! The dates in the site having Greek as the default language were written in the cookies with Greek characters for AM/PM symbols. Community Server was trying to parse these dates, coming with an error, and the cookies got altered to the noise characters, I could see on the captured data! Then the cookies got bigger and bigger, containing characters that made the cookies unreadable from the browser, and finally the browser was not able to delete them.

I checked the source code in order to verify my findings – I was right:

// CommunityServerComponents20.csproj
// ComponentsComponentsUserCookie.cs
// Line 96:

// Original
#region Last Visit
/// <summary>
/// This method should only be called at the beginning of each session.
/// It will update the LastVisit(lv) by looking at the MostRecentActivity(mra)
/// NOTE: If MostRecentActivity doesn't exist, it's the user's first time to the site
/// </summary>
public void UpdateLastVisit()
{
  if (userCookie["mra"] == null)
    userCookie["lv"] = DateTime.Parse("1/1/1999").ToString();
  else
    userCookie["lv"] = userCookie["mra"];

  WriteCookie();
}

public void UpdateMostRecentActivity()
{
  userCookie["mra"] = DateTime.Now.ToString();
  WriteCookie();
}

public DateTime LastVisit
{
  get
  {
    if (userCookie["lv"] == null)
      UpdateLastVisit();

    return DateTime.Parse(userCookie["lv"]);
  }
}
#endregion

In order to make sure the dates where readable from the browser and Community Server, I thought that the best format to write them would be the format pattern for a time value, which is based on the Internet Engineering Task Force (IETF) Request for Comments (RFC) 1123 specification and is associated with the ‘r’ and ‘R’ format characters.

// Modified
#region Last Visit
/// <summary>
/// This method should only be called at the beginning of each session.
/// It will update the LastVisit(lv) by looking at the MostRecentActivity(mra)
/// NOTE: If MostRecentActivity doesn't exist, it's the user's first time to the site
/// </summary>
public void UpdateLastVisit()
{
  if (userCookie["mra"] == null)
    userCookie["lv"] = DateTime.Parse("1/1/1999").ToString("r");
  else
    userCookie["lv"] = userCookie["mra"];

  WriteCookie();
}

public void UpdateMostRecentActivity()
{
  userCookie["mra"] = DateTime.Now.ToString("r");
  WriteCookie();
}

public DateTime LastVisit
{
  get
  {
    if (userCookie["lv"] == null)
      UpdateLastVisit();

    return DateTime.Parse(userCookie["lv"]);
  }
}
#endregion

That’s it! The cookies now do not contain any noise characters and they can be deleted!