We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


ASP.NET/VB.NET Cookie Session Problem

chrisryhal asked
Medium Priority
Last Modified: 2012-05-06
Visual Studio.NET 2005 / 2.0 Framework
CodeBehind = VB.NET

I have a cookie that is loaded and installed on the users PC when they login using this method:

        Dim aCookie As New HttpCookie("WWOCOOKIE")
        aCookie.Values.Add("GUID", strSessionGuid.ToString)
        aCookie.Values.Add("EMAIL", txtEmail.Text)
        aCookie.Expires = DateTime.Now.AddDays(1)

So if the cookie is present I have a method on the Page.Load event:

        If Request.Cookies("WWOCOOKIE") Is Nothing Then
                TABLE2.Visible = False
        End If

the problem, is that as I am still testing if I go and physically delete the cookie, the table should automatically become visiable again, but that is not hte case unless I exit out of Interne Explorer and go back to the site.  Perhaps I am not handling this correctly?
Watch Question

Top Expert 2005

In this case, deleting the cookie file is only half of what you need to do to truly destroy it.  The cookie is also loaded up into IE's memory, and to get rid of that, you either have to delete through javascript, or close the browser.
Top Expert 2009

Is this code enclosed in a 'IsPostBack' block?

If so, move it outside the IsPostBack and then try.


Well, killing it with javascript would suffice if you could direct me in the right direction.

And regarding the Page.Load block, I have tried it with IsPostBack and without.  It really should be without IsPostBack because the cookie will sit on the users PC for one day and if they come back, I don't want them to have to log back in if cookie is present.  
Top Expert 2005

There are plenty of ways to delete cookies using javascript, here is the first way I found using google.


keep in mind raterus's first comment. even if you manually delete the cookie, your application may still hold it in memory (in session) until the server session times out or the browser is closed.

also keep in mind that the IE browser may not "reload/refresh" the page every time. by default, it is set to "Check for newer versions of stored pages" automatically. So it's possible that even if the user hits "refresh", the browser is pulling it from cache. having "no-cache" declarations in the <head> section will help (but not totally solve) this issue.


Well, I was able to get the cookie to delete but I now I face basically the same problem, just opposite thought.

1)  User goes to website and logs in.  Upon hitting login button SQL script is executed to confirm credentials.  If DR = TRUE then hide TABLE1 or "TABLE1.VISIBLE = FALSE"

2)  However TABLE1.VISIBLE property does not changed to FALSE unless I perform a REFRESH within browser.  Is there a way to FORCE the refresh?  Basically I want a refresh to FORCE upon everyload of hte page.  
Top Expert 2005

It sounds like in your situation, you'd be better off loading this type of information into the Session, rather than a cookie.  Cookies are client-side and probably not the best choice for your particular situation.


is there an easy way to do that similar to what I already know about cookies?
Top Expert 2005
Well the basics of the Session Object are the same...

To set a value
Session("myValue") = 123

to retrieve a value
myValue = Session("myValue")

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts



Appears the sessions are a little more friendly to me, not to mention its probably more secure.

Problem with the refresh still lies though.  Once user logs in, they still have to hit REFRESH or F5 on keyboard for the action to take effect.  
Top Expert 2005

Obviously that shouldn't be required :-)

I would trace your code to see the order which these two lines are called, my guess is you must be setting the variable to control showing/hiding AFTER you read it.


SNIPPET is the code on page load.  

Here is the code when pressing the button.   Like I said, seems to work providing a FORCED refresh is performed in the webbrowser after its posted back from the below code:   FYI, just in case and JUST thought of this, this code is on a UserControl on an ASPX page.  I don't know if that might have anything to do with it.  I just thought of that, so please forgive if thats the case but I wouldn't think it would be.

        Dim sConn As String = System.Configuration.ConfigurationSettings.AppSettings("DBCONNECTION")
        Dim sSQL As String
        Dim oConn As SqlConnection
        Dim oDataReader As SqlDataReader
        Dim oCommand As SqlCommand
        oConn = New SqlConnection(sConn)
        sSQL = "SELECT * FROM Users WHERE Email = '" & txtEmail.Text & "' AND Password = '" & txtPassword.Text & "'"
        oCommand = New SqlCommand(sSQL, oConn)
        oDataReader = oCommand.ExecuteReader()
        If oDataReader.Read = True Then
            lblBadLogin.Visible = False
            strSessionGuid = oDataReader("GUID").ToString
           Session("GUID") = strSessionGuid.ToString
            lblBadLogin.Visible = True
            lblBadLogin.Text = "Username/Password Do Not Match"
        End If

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Session("GUID") Is Nothing Then
            TABLE1.Visible = True
            TABLE2.Visible = False
            TABLE1.Visible = False
            TABLE2.Visible = True
        End If
    End Sub

Open in new window

If i remember correctly, the Page_Load event is triggered BEFORE the events in the user control, so during page load, your session variable is sill Nothing.

Load order is always a tricky thing, especially with user controls.


Ok, understandable and probably correct.  Is there a way to load it PRIOR?


Here is what I am going to do and close this question out.  

I realize a refresh is in order, so what I am going to do is redirect the user to another page doing something like so if login is successful:

           Response.Redirect("Success.aspx?URL=" Request.Url.AbsoluteUri)

and then on this page "success.aspx"  have an IMMEDIATE


That insures a successful reload of the page.  I know its kinda DIRTY coding, but I see no other way.  


Just a quick followup, I did what I said and it worked out ok.  So unless anyone has any other suggestions I am going to split points evenly to both "jklNYC" and "raterus"  I just see no other way.


Thanks again for all of the awesome help.  My endeavor is over due to you two so thank you so much!!!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.