Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ASP Cookie Path Question

Posted on 2004-11-02
14
Medium Priority
?
285 Views
Last Modified: 2012-05-05
My web application suffers from the following cookie dilemma. All cookies are "get and set" using request.cookies and response.cookies in ASP code

The problem is related to:

Request.Cookies("Name").Path = "/"

When I comment this line out, some users get an error because the cookie has not survived between page transitions

When the line is in, the cookie survives but any attempt to change the cookie value (by the same page) is ignored, even when path is set every time.

Does anyone out there understand whats going on and what the best practice is ?

thanks
Paul
0
Comment
Question by:plq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 6

Expert Comment

by:mrwebdev
ID: 12476099
Have you tried:

Server.MapPath


Good Luck!
0
 
LVL 8

Author Comment

by:plq
ID: 12476395
thanks

I can try that but being short of test environments to reproduce the first scenario, what I'm really looking for is an understanding of how the cookie path works
0
 
LVL 5

Accepted Solution

by:
eyeh8u earned 2000 total points
ID: 12482362
Request.Cookies("Name").Path = "/"

Request.Cookies should be providing read-only access to the cookies that are returned to your server by the users browser, is this a type-o do you mean Response.Cookies("Name").Path = "/"?

Cookies are HTTTP header information. You can not change a cookie after the header of the page has been written. IIS will write the headers when the first input is sent to the page. After you have done this you can't change them, IIS should throw an error, if you have On Error Resume Next in your code, this error will be supressed and you won't see what is going on.

<%
Response.Cookies("name") = "value"
%>
After here no header changes are legal
<%
Response.Cookies("name") = "value2" ' This should throw an error
%>

The path of a cookie is an instruction to the web server and the browser for where a cookie is valid. If you set the path to /forums it won't get sent back to /articles for example. But it's up to the browser to get this right.

The best thing to do is something like

<%
Response.Buffer = True
' page business logic
' set cookies
' page display asp code
%>

Set the cookies once in a page, before anything is output to the page. Remove the error supression code and test to see if something is falling over silently.

Try using HTTPSpy (http://www.rwtemple.com/software/HttpSpy) to watch the HTTP headers between your browser and the site that has the problem, you'll be able to see EXACTLY what is going on with the cookies, invaluable for tracking down cookie issues.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 19

Expert Comment

by:webwoman
ID: 12497128
Do you have the exact error that gets thrown?
0
 
LVL 8

Author Comment

by:plq
ID: 12497217
eyeh8u: Sorry for getting request and response mixed up, the code is fine and has been in production for a couple of years.

>> The path of a cookie is an instruction to the web server ...<<
So wouldn't you expect Request.Cookies("Name").Path = "/" to be the same as leaving it out ?


webwoman: No, theres no error, just the cookie loses its value.

When we introduced Request.Cookies("Name").Path = "/" I think it was because of a 500 or 404 error, can't remember which. I don't actually have a pc that reproduces it right now.
0
 
LVL 5

Expert Comment

by:eyeh8u
ID: 12501867
Yes, it would be the same, the default is "/" You only need to set path when you don't want it to be /
0
 
LVL 8

Author Comment

by:plq
ID: 12501905
I've just found this

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316112

Which suggests that path = "/" will be needed when the computer name of the server contains an underscore. Not sure thats the answer but will investigate.
0
 
LVL 5

Expert Comment

by:eyeh8u
ID: 12502299
AH Well that's the problem solved then!

I was stung with this one myself recently, we wrote an app on our server: codename-ws1 and it was deployed to the client, their server was codename_ws1, the code fell appart as it relies on asp sessions, which IE refuses to send to servers with an _ in the name.

Technicaly, the _ character is illegal in DNS, so you should NEVER put one even in a server name.

It's bound to cause your problem.
0
 
LVL 8

Author Comment

by:plq
ID: 12502431
I've asked a couple of people I know of who had this problem what their computer names are, but its not the whole problem solved anyway.

It does not explain why setting the path the "/" stops the cookie from surviving page transitions when the cookie has been rewritten. Here's the scenario:

- User gets logon page logon.asp
- Fills in pwd and the pwd goes via a form to logonaccept.asp
- Logonaccept contains the following code

      sAuth = midtierobject.Logon( ... )
                if left(sAuth, 5) <> "Error" then
            Response.Cookies("AuthCode") = sAuth
            Response.Cookies("AuthCode").Expires = DateAdd("d", 1, Now())
            Response.Cookies("AuthCode").Path = "/"


- If the user gets password wrong logonaccept will redirect back to logon.asp
- If the user gets password right logonaccept will redirect to the app

- When the user gets password wrong, and they then fill in the correct password, the cookie does not survive between logonaccept and the app. I've tested and debugged this and its definitely losing the cookie (i.e. not some coding error)

- but if I take the line path = "/" out, it works OK

I would add that most installations are second level - e.g.
   http://computername/myapp/logon.asp

0
 
LVL 8

Author Comment

by:plq
ID: 12502473
Hold on...
0
 
LVL 8

Author Comment

by:plq
ID: 12502487
Just fixed the second problem as follows:

before...

     sAuth = midtierobject.Logon( ... )
                if left(sAuth, 5) <> "Error" then
          Response.Cookies("AuthCode") = sAuth
          Response.Cookies("AuthCode").Expires = DateAdd("d", 1, Now())
          Response.Cookies("AuthCode").Path = "/"
    else
          Response.Cookies("AuthCode") = ""
   end if  


after....

     sAuth = midtierobject.Logon( ... )
                if left(sAuth, 5) <> "Error" then
          Response.Cookies("AuthCode") = sAuth
          Response.Cookies("AuthCode").Expires = DateAdd("d", 1, Now())
          Response.Cookies("AuthCode").Path = "/"
    else
          Response.Cookies("AuthCode") = ""
          Response.Cookies("AuthCode").Path = "/"
   end if  

That works

Once a cookies path has been set to "/", it seems you have to set it to "/" every time. I think whats happening is the cookie at the lower level (at http://computername/myapp)  will take precedence over the parent directory cookie (at http://computername)

Well that solves the problem for me because I can now use  Response.Cookies("AuthCode").Path = "/" all the time.

Phew
0
 
LVL 5

Expert Comment

by:eyeh8u
ID: 12502494
>>I've asked a couple of people I know of who had this problem what their computer names are, but its not the whole problem solved anyway.

It only matters about the SERVER not the client. IE won't send ASP session cookies to servers with an _ in the name. This shouldn't affect your regular cookies set with Response.Cookies() I beleive.

Can you re-create the problem reliably? If so, use the HTTP Sniffer I linked earlier and see exactly what is /actualy/ being sent to the browser and what the browser is returning, even if you are confident you are correctly setting cookies in all cases, it can be very enlightening to see exactly where the fall down is occuring.
0
 
LVL 8

Author Comment

by:plq
ID: 12503313
The server is often installed at the customers premises. This is a web app, not a web site.

I can't recreate the problem here. But anyway, the workaround is to always set path. Although it would be interesting to investigate more I will have to move onto other things. Points coming up..

thanks everyone for helping
0
 
LVL 8

Author Comment

by:plq
ID: 13600187
Could you guys take a look at this seemingly related problem

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21359114.html

thanks
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
The viewer will learn how to count occurrences of each item in an array.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question