Solved

ASP Cookie Path Question

Posted on 2004-11-02
269 Views
Last Modified: 2012-05-05
My web application suffers from the following cookie dilemma. All cookies are "get and set" using request.cookies and response.cookies in ASP code

The problem is related to:

Request.Cookies("Name").Path = "/"

When I comment this line out, some users get an error because the cookie has not survived between page transitions

When the line is in, the cookie survives but any attempt to change the cookie value (by the same page) is ignored, even when path is set every time.

Does anyone out there understand whats going on and what the best practice is ?

thanks
Paul
0
Question by:plq
    14 Comments
     
    LVL 6

    Expert Comment

    by:mrwebdev
    Have you tried:

    Server.MapPath


    Good Luck!
    0
     
    LVL 8

    Author Comment

    by:plq
    thanks

    I can try that but being short of test environments to reproduce the first scenario, what I'm really looking for is an understanding of how the cookie path works
    0
     
    LVL 5

    Accepted Solution

    by:
    Request.Cookies("Name").Path = "/"

    Request.Cookies should be providing read-only access to the cookies that are returned to your server by the users browser, is this a type-o do you mean Response.Cookies("Name").Path = "/"?

    Cookies are HTTTP header information. You can not change a cookie after the header of the page has been written. IIS will write the headers when the first input is sent to the page. After you have done this you can't change them, IIS should throw an error, if you have On Error Resume Next in your code, this error will be supressed and you won't see what is going on.

    <%
    Response.Cookies("name") = "value"
    %>
    After here no header changes are legal
    <%
    Response.Cookies("name") = "value2" ' This should throw an error
    %>

    The path of a cookie is an instruction to the web server and the browser for where a cookie is valid. If you set the path to /forums it won't get sent back to /articles for example. But it's up to the browser to get this right.

    The best thing to do is something like

    <%
    Response.Buffer = True
    ' page business logic
    ' set cookies
    ' page display asp code
    %>

    Set the cookies once in a page, before anything is output to the page. Remove the error supression code and test to see if something is falling over silently.

    Try using HTTPSpy (http://www.rwtemple.com/software/HttpSpy) to watch the HTTP headers between your browser and the site that has the problem, you'll be able to see EXACTLY what is going on with the cookies, invaluable for tracking down cookie issues.
    0
     
    LVL 19

    Expert Comment

    by:webwoman
    Do you have the exact error that gets thrown?
    0
     
    LVL 8

    Author Comment

    by:plq
    eyeh8u: Sorry for getting request and response mixed up, the code is fine and has been in production for a couple of years.

    >> The path of a cookie is an instruction to the web server ...<<
    So wouldn't you expect Request.Cookies("Name").Path = "/" to be the same as leaving it out ?


    webwoman: No, theres no error, just the cookie loses its value.

    When we introduced Request.Cookies("Name").Path = "/" I think it was because of a 500 or 404 error, can't remember which. I don't actually have a pc that reproduces it right now.
    0
     
    LVL 5

    Expert Comment

    by:eyeh8u
    Yes, it would be the same, the default is "/" You only need to set path when you don't want it to be /
    0
     
    LVL 8

    Author Comment

    by:plq
    I've just found this

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316112

    Which suggests that path = "/" will be needed when the computer name of the server contains an underscore. Not sure thats the answer but will investigate.
    0
     
    LVL 5

    Expert Comment

    by:eyeh8u
    AH Well that's the problem solved then!

    I was stung with this one myself recently, we wrote an app on our server: codename-ws1 and it was deployed to the client, their server was codename_ws1, the code fell appart as it relies on asp sessions, which IE refuses to send to servers with an _ in the name.

    Technicaly, the _ character is illegal in DNS, so you should NEVER put one even in a server name.

    It's bound to cause your problem.
    0
     
    LVL 8

    Author Comment

    by:plq
    I've asked a couple of people I know of who had this problem what their computer names are, but its not the whole problem solved anyway.

    It does not explain why setting the path the "/" stops the cookie from surviving page transitions when the cookie has been rewritten. Here's the scenario:

    - User gets logon page logon.asp
    - Fills in pwd and the pwd goes via a form to logonaccept.asp
    - Logonaccept contains the following code

          sAuth = midtierobject.Logon( ... )
                    if left(sAuth, 5) <> "Error" then
                Response.Cookies("AuthCode") = sAuth
                Response.Cookies("AuthCode").Expires = DateAdd("d", 1, Now())
                Response.Cookies("AuthCode").Path = "/"


    - If the user gets password wrong logonaccept will redirect back to logon.asp
    - If the user gets password right logonaccept will redirect to the app

    - When the user gets password wrong, and they then fill in the correct password, the cookie does not survive between logonaccept and the app. I've tested and debugged this and its definitely losing the cookie (i.e. not some coding error)

    - but if I take the line path = "/" out, it works OK

    I would add that most installations are second level - e.g.
       http://computername/myapp/logon.asp

    0
     
    LVL 8

    Author Comment

    by:plq
    Hold on...
    0
     
    LVL 8

    Author Comment

    by:plq
    Just fixed the second problem as follows:

    before...

         sAuth = midtierobject.Logon( ... )
                    if left(sAuth, 5) <> "Error" then
              Response.Cookies("AuthCode") = sAuth
              Response.Cookies("AuthCode").Expires = DateAdd("d", 1, Now())
              Response.Cookies("AuthCode").Path = "/"
        else
              Response.Cookies("AuthCode") = ""
       end if  


    after....

         sAuth = midtierobject.Logon( ... )
                    if left(sAuth, 5) <> "Error" then
              Response.Cookies("AuthCode") = sAuth
              Response.Cookies("AuthCode").Expires = DateAdd("d", 1, Now())
              Response.Cookies("AuthCode").Path = "/"
        else
              Response.Cookies("AuthCode") = ""
              Response.Cookies("AuthCode").Path = "/"
       end if  

    That works

    Once a cookies path has been set to "/", it seems you have to set it to "/" every time. I think whats happening is the cookie at the lower level (at http://computername/myapp)  will take precedence over the parent directory cookie (at http://computername)

    Well that solves the problem for me because I can now use  Response.Cookies("AuthCode").Path = "/" all the time.

    Phew
    0
     
    LVL 5

    Expert Comment

    by:eyeh8u
    >>I've asked a couple of people I know of who had this problem what their computer names are, but its not the whole problem solved anyway.

    It only matters about the SERVER not the client. IE won't send ASP session cookies to servers with an _ in the name. This shouldn't affect your regular cookies set with Response.Cookies() I beleive.

    Can you re-create the problem reliably? If so, use the HTTP Sniffer I linked earlier and see exactly what is /actualy/ being sent to the browser and what the browser is returning, even if you are confident you are correctly setting cookies in all cases, it can be very enlightening to see exactly where the fall down is occuring.
    0
     
    LVL 8

    Author Comment

    by:plq
    The server is often installed at the customers premises. This is a web app, not a web site.

    I can't recreate the problem here. But anyway, the workaround is to always set path. Although it would be interesting to investigate more I will have to move onto other things. Points coming up..

    thanks everyone for helping
    0
     
    LVL 8

    Author Comment

    by:plq
    Could you guys take a look at this seemingly related problem

    http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21359114.html

    thanks
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    The first time you look at a web page and its source code, you are probably a little intimidated by the use of symbols and jargon that really looks foreign to you. You might not even know where to start to begin learning what it all means. That’…
    Why do we like using grid based layouts in website design? Let's look at the live examples of websites and compare them to grid based WordPress themes.
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

    913 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now