Opera browser - Problem with login using asp.net forms authentication cookies

For years I've been getting my ass-kicked with several of my asp.net sites. For reasons that remained unknown to me for several years, whenever I'd try to login to one of these applications from opera, opera would just fail to login.

There would be no error message. You'd type in your user and password, click the login button, the page would refresh, but you'd simply not be logged in.

Finally, I have discovered the cause and a solution to this annoying problem!

I always suspected the problem with Opera was related to the authentication cookie, but I was unable to really figure out why. All I knew was that on my apps that failed Opera wouldn't have an authentication cookie, while on other apps it would get a cookie just fine.

The particular applications where I have been having the problem all share some common unique attributes. They use some kind of URL Rewrting (though not always the same mechanism), they all use the built-in SQL Membership provider (or a customized variation of it), and they are are very complex applications. Most of them host multiple virtual sites within the same physical asp.net app.

I have other applications that work just fine with Opera though. Some of those were also just as advanced as the failing sites and used similar mechanisms.

So for years I've tried and failed to determine a common factor between the failing apps and the working ones.

In none of these cases though have I every had a problem with any other browser, and I generally test sites with 5 or more.

Google has been no help here either. While I find similar reports of this kind of problem, you have to dig very deep and when you do find someone reporting a similar problem there is never a solution offered.

But this week, I finally managed to track down and fix this annoying problem.

It turns out that Opera doesn't correctly handle cookie names that contain spaces.... or at least not when issued via the asp.net authentication system.

In web.config there is a <forms> element within the <authentication> section. This is where you setup details about how the forms authentication system should work. One of the properties is called "name" and this property sets the name of the cookie that will be issued to the browser with the user's authentication ticket. If you omit the name property, asp.net uses a default name of ".ASPXAUTH".

In all of my failing applications, I had manually set a value for the name propery, and that name contained spaces. In fact, most of these apps used the same name because I generally copied this section of configuration from one of the other apps.

Changing the cookie name to one that does not use spaces allows opera to correctly handle the cookie...  login failure solved!

Three years of frustration all because of a space...  but that's programming for ya!

Review: ReliableSite.net and webhost4life for shared web hosting

[UPDATE - 2/7/2011] I have terminated my relationship with ReliableSite.net. I cannot recommend this hosting provider to anyone anymore. Over the years since I wrote this post initially, their service quality has degraded drastically, and the technical support is abysmal.  

[UPDATE - 1/17/2010] after a year with ReliableSite.net, I have posted a newer review of them. You should still read this review, as I've not re-covered the same ground again in the update and what I wrote here still stands true.  

As I posted last week, I am no longer hosting my sites with webhost4life. Once upon a time webhost4life offered a fantastic service at a reasonable price, but over the last few years I've grown increasingly annoyed with them.

Instead, I've moved my hosting over to ReliableSite.net. So, I thought I'd spend a little time describing my experience with both providers for the benefit of anyone else that might be considering either hosting provider.

I first considered a switch to ReliableSite.net last year after hearing about them on a forum somewhere (dunno where). What got my attention was their pricing model; you buy the base service then customize the plan by purchasing additional services and features one-by-one as you need them.

Brilliant!

With other providers, I end up having to buy a lot more than I really need just to get enough of one minor feature that I overuse a tad. With ReliableSite.net though, I'd be able to pickup and pay just for features I actually need.

But at the time, ReliableSite.net had only been around a year or so. It had good reviews, but I've been through at least a dozen providers that failed shortly after starting up or were unable to scale their services as they grew. So I'm cautious about jumping onboard with new providers.

Webhost4life was hosting my personal sites, and I was increasingly unhappy with them, but I decided to wait another year at webhost4life to see if they improved and to see if ReliableSite.net would survive long enough to be a viable alternative.

Five years ago, when I first started using webhost4life they were amazing!
 
They were one of the earliest providers to have a decent base hosting package under $20 and they were also the only provider at the time to have a fully comprehensive online management system. And my favorite part was that webhost4life offered early acces to new Microsoft platforms while they were still in beta.

But about 2 years ago, webhost4life started sucking.

Stuff that cost webhost4life my business:

• Starting about 2 years ago there was a noticable decrease in performance of my sites, and this has continued to worsen ever since. I have also seen my sites become inaccessable for no reason much too frequently. The worse part of this problem was that I often had problems maintaining a sustained connection while downloading files from the web site, or when uploading files over FTP. It is really annoying to have to restart a deployment of your web site 15 times because the connection keeps dropping.
        
• They abandoned support for SQL Express on the claim that it didn't scale well. Of course, the real problem was that they were putting far too many users on their servers without scaling out the hardware and decided to drop SQLExpress so they could squeeze in a few more users.
        
• They released a new control panel that was more convoluted than their older one, but added no relevant features or convieniences for their customers.
        
• They had botched two email server upgrades during the time I was with them, and in one case I had to wait over a year to migrate to a newer system because the new system couldn't handle email lists. This would have been fine, except that the old system didn't have any anti-spam protection.
        
• There was a significant decrese in the qualituy and response times from their support staff. I used to get a decent reply back in just a few hours, but the last few times I had an issue it took over 24 hours to get a reply and when the reply came back it was just some form-letter that had almost nothing to do with my actual question.
        
• Worst of all was that they stopped offering early access to new platforms. When  .NET 3.5, Windows Server 2008, and SQL Server 2008 were in beta, I was left in the cold. Even after those platforms went into the public market, it still took webhost4life several more months to bring an upgrade option to their customers... and they still aren't offering SQL 2008 support yet.
   
  I evaluate new platforms by upgrading my personal sites before the platforms are released. This way I can stay on top of new stuff before I'm asked to use it in my larger professional projects. Not having access to new platforms until months after they release to the public is not acceptable to me.
      

So this year, when I was up for renewal at webhost4life, I decided to switch. ReliableSite.net had survived their second year and were still getting good reviews... though the reviews are rather sparse.

What I like about ReliableSite.net:

• Managment Tools:
   
  Reliable uses DotNetPanel for their online managment. DotNetPanel is a pure joy to use compared to the clunky online managment tools I've used at other providers. Not only is it pretty, but it is exceptionally intuative to use. Managing IIS, web sites, file systems, databases, DNS, and email systems is NOT a very easy task, and I'm a certified expert in all of those areas.  But most online tools for doing this kind of managment are even harder to deal with.
  
  But I found that DotNetPanel makes things very simple, while not holding back on any critical options.
   
  DotNetPanel is so good, Microsoft should consider buying out the company and getting their developers write their own native admin tools.
   
  DotNetPanel is a shining example of what administering servers should be like!
  
  This is the first provider I've seen use this system, but as you can tell I am very impressed. Perhaps the best thing about it is that ReliableSite.net hasn't done much to customize the stock DotNetPanel. This isn't a problem since it is more than capable enough to get the job done. It also means that ReliableSite.net will be more able to upgrade as new versions arrive. Even better, I'm not a the mercy of ReliableSite.net's own developers to maintain and improve a custom tool over time. Instead, they can spend their time and resources making my service reliable and fast, and leave the development to a 3rd party with a direct financial incentive to improve the product.
        
• Pricing Model:
   
  ReliableSite.net allows you to upgrade nearly everything about your account on a per-feature basis. This allows you to incrementally ramp up your services as you grow without paying for stuff you don't need.
   
  Another thing I like is the option to pay monthly, quarterly, or annually. I chose to take an annual payment option. Even better, when you add an upgrade to your service they pro-rate the charges to align them with your regular billing cycle.
        
• Performance:
  
  So far, the site is fast... at least 10x faster than I was seeing on the degrading webhost4life account I had been using. It isn't like crazy fast, but it is certainly as fast or faster than I expected. I haven't had the account long enough to say much about reliablity, but so far I haven't had any downtime that I'm aware of and speed seems consistant even at peak usage times.
        
• Affiliate and Reseller Programs:
  
  Though I no longer use these features, ReliableSite.net has a nice reseller system going. This is very useful if you are a free-lance developer or small site design company... you can offer your customers "hosting" as part of the deal, and still reap part of the reoccuring profits. And you don't have to deal with all the hard server and network stuff..  

What I don't like about ReliableSite.net:

• Email Options:
   
  The base plan is a little shy with emails, only giving 5 boxes and 5 aliases. They have well priced add-ons for increasing these but you can't buy just aliases or just inboxes... you have to buy both together.
   
  The price isn't bad, and even the unlimited option is quite affordable. But I can't help but feel like I'm getting robbed on aliases... aliases are just redirectors and don't really "cost" the provider anything much. I had to buy additional email boxes just to increase the number of aliases.
   
  They use SmarterMail, which is a fantastic and popular system. It is also the same system that  webhost4life used. I like the system, but ReliableSite.net didn't enable the built-in admin tools via the SmarterMail web client.
   
  Instead you are stuck using the simpler DotNetPanel tools to add accounts, aliases, and lists. The DotNetPanel allows you to create aliases, but it only allows one target email address per alias.
   
  Had they enabled the built-in SmarterMail tools for "aliases" I could have had multiple destination addresses for a single email alias.
   
  Due to this odd limitation of the DotNetPanel alias feature, I had to create a full mailbox for these kinds of addresses. fortunatly I was able to setup multi-target forwards on the inboxes via the SmarterMail personal account settings tools, but it sure seems like a waste to have to deticate an entire inbox just to forward mail on to multiple destinations.
   
  None of these problems are deal-breakers, just minor annoyances... but they still seems like an artificial and unnecessary limitation.
        
• There are a few differences in password requirments for some services. For example, the password policy for database user accounts is stricter than the requirments for the billing system, FTP accounts, and online control panel. This is REALLY annoying because I like to keep the same user and password for all services related to my hosting provider. While I was able to create the same user, my password didn't quite meet the policy requirments for their SQL server, so I had to go back and change all the other passwords to adhere to the stricter policy.
   
  On a similar note, there are too many user accounts and passwords. I have a billing account, a site managment account, an FTP account, a SQL user account, and an account for the online statistics feature. Too many accounts. Sure, I understand that each of these is a different system internally, but it would be nice if the system attempted to create the illusion of a unified user and password... at least for the primary account owner.
        

Stuff that is just strange about ReliableSite.net:

• Some of the base package seems extraordinarily generous, while other parts seem overly restricted. In the base package you get unlimited DNS domains and web sites, but you can only setup 1 sub-domain with the base account. This seems odd because sub-domains are just DNS tricks while web sites actually use resources.
   
  You also have unlimited FTP accounts, but you only get 5 email aliases (and 5 email inboxes boxes).
  
  Not a problem, just an odd choice. I would have thought that paying for additional domains, web sites, and FTP user accounts would make sense, but unlimited sub-domains and email aliases would be thrown in for free.
        
• When you buy packages, you get to choose a billing cycle (monthly, annually, biannually, etc.). When you buy add-ons you only get to choose based on a monthly rate. When you buy the add-on, it charges the monthly rate to your card. Then a few hours later another charge appears that is a pro-rated amount for the remaining billing term of the base package.
  
  I don't mind this at all... I'd rather they pro-rate add-ons and sync the billing to the same cycle as the base package, but I did find it odd that the checkout process did not indicate that this would happen. From the point of view of the buyer, it appears as if you are going to be purchasing monthly. There is no mention that you will also be billed a pro-rated amount. Not a problem for me, but if you were on a tight budget and are just expecting to be billed for one month then this could be a major problem.
        
• I had to setup static machine keys in my configuration files. When I didn't do that, my sessions would just abruptly end and it would not persist logins. I assume that this must be a web farm setup, but nothing in the documentation or marketing mentioned that.
   
  Not a problem, but had I known this was a web farm environment it could have impacted my decision to host here. Fortunatly my apps are all adaptable to web farms, but I've had sites that were not in the past.
        

Overall I am happy with my initial experience with ReliableSite.net. The problems are very minor compared to any other provider I've used, and the advantages are significant. Hopefully, I'll remain as happy over time.