?
Solved

ASP - Is Cookie Enabled?

Posted on 2007-10-16
15
Medium Priority
?
495 Views
Last Modified: 2012-08-13
I am struggling writing an ASP script that does the following.

I would like a script(s) that will first check to see if cookies are enabled in the users browser, if so redirect accordingly. Then on the cookie enabled redirect if a user fills in their username and clicks remember me if a cookie with the correct session ID and that matches the username the password is retrieved.

If a cookie does not exist then it will create one that is domain specific, holds the unique session ID username and password.

I dont want the user to be able to click remember me and the username and password is retrieved, just the password providing the username was previously entered on that system and that matches the uniquie session ID, hope I am making sense.

Any help with this would be much appreciated.

Regards, NewAS.
0
Comment
Question by:NewAS
  • 7
  • 5
  • 2
  • +1
15 Comments
 
LVL 7

Expert Comment

by:chisholmd
ID: 20086224
I think to check if cookies are enabled you need to write a cookie, then redirect to another page and see if its still there.

Storing username and password, or even just a password in a cookie seems like a bad idea. Are you going to encrypt the password?  You can use the free encryption library from MS.  I think it was called capicom.
0
 
LVL 4

Expert Comment

by:swinslow
ID: 20086926
Cookies are always domain specific, in other words, one domain cannot access the cookie created on another domain. However for the code you are looking for, this may at the very least point you in the right direction:

  UserName = Request.Cookies("UserInfo")("UserName")
  Password = Request.Cookies("UserInfo")("Password")
  SessionID = Request.Cookies("UserInfo")("SessionID")
  If Len(Trim(SessionID)) = 0 Then
     SessionID = Session.SessionID
  End If
  'If UserName is empty then the visitor eitehr does not have cookies enabled or has not logged in
  If Len(Trim(UserName)) > 0 Then
     Response.Cookies("UserInfo")("UserName") = UserName
     Response.Cookies("UserInfo")("Password") = Password
     Response.Cookies("UserInfo")("SessionID") = Session.SessionID
     Response.Redirect "SomeOtherPlace"
  End If
0
 

Author Comment

by:NewAS
ID: 20087480
Thank you for the above, will have a go tomorrow. I started with this:

test_cookie.asp

<%
If Request.Querystring("sID") = "" Then
      Session("testcookie") = "1"
      Response.Redirect("test_cookie.asp?sID=1")
Else
      If Session("testcookie") Then
            'Enabled code.
      Else
            'Not enabled code.
      End If
End If
%>

This works very well browsers that I have tested so far, internet explorer, firefox, netscape and opera. My only concern is the redirect which is obviously a performance hit and I want to refrain from using javascript.

Any thoughts as how I can check for the cookie without having to redirect and use javascript?

Regards, NewAS.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 16

Expert Comment

by:golfDoctor
ID: 20088265
The redirect is just for testing, you wouldn't do it like that for normal session variable use.
0
 
LVL 4

Expert Comment

by:swinslow
ID: 20088266
In your code you have above, you are using session variables, session variables are different than cookies. Session variables are stored on your server and cookies are stored on the visitors computer.

If you want to check to see if cookies are enabled:
CookiesEnabled = False
Response.Cookies("TestCookie") = "Test"
If Request.Cookies("TestCookie") = "Test" Then
   CookiesEnabled = True
End If

If you want to check the value of a cookie, just retrieve the value of the cookie
TestCookieValue = Request.Cookies("TestCookie")

Here are a couple of links that may also help you get what you want accomplished:
http://www.w3schools.com/asp/asp_cookies.asp
http://www.w3schools.com/asp/asp_sessions.asp
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 20088319
swinslow - your testing is incorrect.   A cookie set and checked within the same page is just like any variable, and not accurate for testing if cookies are enabled.  Response.cookies and request.cookies need to be set and checked on different requests if you are checking if cookies are enabled.   If you set a cookie and check the value right below setting it, it will read the value even if cookies are disabled.

0
 

Author Comment

by:NewAS
ID: 20089116
My above code works if I set the browsers to enable cookies run it goes to my first option and if I clear my cache and then set the browsers to not accept cookies it goes to the second option.

If anyone has the definitive answer I would love to know.

Regards, NewAS.
0
 
LVL 16

Accepted Solution

by:
golfDoctor earned 1500 total points
ID: 20089141
You obviously haven't understood what people said.  Read up on sessions.

http://www.google.com/search?hl=en&q=detect+session+cookies+vbscript&btnG=Google+Search
0
 

Author Comment

by:NewAS
ID: 20091911
Ok i tweaked my code, like so:

<%@ Language=VBScript %>
<%
Option Explicit

If (Request("sID")="") Then
      Response.Redirect "cookie_test.asp?sID=" & Session.SessionID
Else
      Dim sID      
      sID = Request("sID")

      If sID = Session.SessionID Then
            'Cookies enabled code.
      Else
            'Cookies disabled code.
      End if
End if
%>

Not sure if broadcasting the Session ID is a good idea, what are peoples thoughts on this.

So the first part checking for cookies enabled, so far so good.

Now need to do a check that if the user types in a username and clicks remember me that the code checks to see is a cookie exists and that matches the session ID, then if the username matches what is entered the password is retrieved, if not do nothing.

If a cookie does not exist then when the user has completed entering both the username and password a cookie is generated with these details along with the session ID.

Could someone, please assist on this part?

Many thanks in advance.

Regards, NewAS.
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 20092569
No, not a good idea to pass session id.  The idea is that you set a session("variable") on one page, or a cookkie, like a log in page, and then on other page that require login, you check the session("variable") or cookie value to see if it has a value, and if not, they are sent to login page.

Session variables are NOT the same as Request.Cookies.

Session are really quite simple to understand, but you do have to do a little reading on them.  
http://www.google.com/search?hl=en&q=sessions+and+request.cookies&btnG=Google+Search 
0
 

Author Comment

by:NewAS
ID: 20099556
Ok, banging my head against a brick wall.

How do I do the same as above without broadcasting to the whole world the sID "Session ID"?

Please help.

Regards, NewAS.
0
 

Author Comment

by:NewAS
ID: 20100050
I am thrashing my head here, I am using MD5 to encrypt the Session ID, but for some reason the session variable Session("sISMD5") is not staying, it is executing before the redirect but not when the page reloads, please see my code below:

<%@ Language=VBScript %>
<%
Option Explicit

Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires = -1
%>
<!--#include virtual="md5.asp"-->
<%
If (Request("eSID")="") Then
      Session("sISMD5") = MD5(Session.SessionID)
      Response.Redirect "cookie_test.asp?eSID=" & Session("sISMD5")
Else
      Dim eSID
      eSID = Request("eSID")
                  
      If eSID = Session("sISMD5") Then
            Response.Write("eSID: " & eSID & "<br>")
            Response.Write("eSID: " & Session("sISMD5")  & "<br>")
            Response.Write("Cookies turned ON.")
      Else
            Response.Write("eSID: " & eSID & "<br>")
            Response.Write("eSID: " & Session("sISMD5")  & "<br>")
            Response.Write("Cookies turned OFF.")
      End if
End if
%>

What am I doing wrong?

Regards, NewAS.
0
 

Author Comment

by:NewAS
ID: 20100349
Nevermind, I turned off cookies in a previous test and forgot to put it back on, talk about cant see the wood for the trees.

Regards, NewAS.
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 20100539
So what do you need now?  This really is not that complicated if you would just read the links I sent.  Sessions/Cookies are self explanatory.
0
 

Author Comment

by:NewAS
ID: 20101355
Nothind now, my above code works fine thank you.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month15 days, 23 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question