ASP.NET/VB.NET Cookie Session Problem

Visual Studio.NET 2005 / 2.0 Framework
CodeBehind = VB.NET

I have a cookie that is loaded and installed on the users PC when they login using this method:

        Dim aCookie As New HttpCookie("WWOCOOKIE")
        aCookie.Values.Add("GUID", strSessionGuid.ToString)
        aCookie.Values.Add("EMAIL", txtEmail.Text)
        aCookie.Expires = DateTime.Now.AddDays(1)
        Response.Cookies.Add(aCookie)

So if the cookie is present I have a method on the Page.Load event:

        If Request.Cookies("WWOCOOKIE") Is Nothing Then
                TABLE2.Visible = False
        End If

the problem, is that as I am still testing if I go and physically delete the cookie, the table should automatically become visiable again, but that is not hte case unless I exit out of Interne Explorer and go back to the site.  Perhaps I am not handling this correctly?
LVL 2
chrisryhalAsked:
Who is Participating?
 
raterusCommented:
Well the basics of the Session Object are the same...

To set a value
Session("myValue") = 123

to retrieve a value
myValue = Session("myValue")
0
 
raterusCommented:
In this case, deleting the cookie file is only half of what you need to do to truly destroy it.  The cookie is also loaded up into IE's memory, and to get rid of that, you either have to delete through javascript, or close the browser.
0
 
nmarunCommented:
Is this code enclosed in a 'IsPostBack' block?

If so, move it outside the IsPostBack and then try.
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
chrisryhalAuthor Commented:
Well, killing it with javascript would suffice if you could direct me in the right direction.

And regarding the Page.Load block, I have tried it with IsPostBack and without.  It really should be without IsPostBack because the cookie will sit on the users PC for one day and if they come back, I don't want them to have to log back in if cookie is present.  
0
 
raterusCommented:
There are plenty of ways to delete cookies using javascript, here is the first way I found using google.

http://blogs.x2line.com/al/articles/316.aspx
0
 
jklNYCCommented:
keep in mind raterus's first comment. even if you manually delete the cookie, your application may still hold it in memory (in session) until the server session times out or the browser is closed.

also keep in mind that the IE browser may not "reload/refresh" the page every time. by default, it is set to "Check for newer versions of stored pages" automatically. So it's possible that even if the user hits "refresh", the browser is pulling it from cache. having "no-cache" declarations in the <head> section will help (but not totally solve) this issue.
0
 
chrisryhalAuthor Commented:
Well, I was able to get the cookie to delete but I now I face basically the same problem, just opposite thought.

1)  User goes to website and logs in.  Upon hitting login button SQL script is executed to confirm credentials.  If DR = TRUE then hide TABLE1 or "TABLE1.VISIBLE = FALSE"

2)  However TABLE1.VISIBLE property does not changed to FALSE unless I perform a REFRESH within browser.  Is there a way to FORCE the refresh?  Basically I want a refresh to FORCE upon everyload of hte page.  
0
 
raterusCommented:
It sounds like in your situation, you'd be better off loading this type of information into the Session, rather than a cookie.  Cookies are client-side and probably not the best choice for your particular situation.
0
 
chrisryhalAuthor Commented:
is there an easy way to do that similar to what I already know about cookies?
0
 
chrisryhalAuthor Commented:
raterus,

Appears the sessions are a little more friendly to me, not to mention its probably more secure.

Problem with the refresh still lies though.  Once user logs in, they still have to hit REFRESH or F5 on keyboard for the action to take effect.  
0
 
raterusCommented:
Obviously that shouldn't be required :-)

I would trace your code to see the order which these two lines are called, my guess is you must be setting the variable to control showing/hiding AFTER you read it.
0
 
chrisryhalAuthor Commented:
SNIPPET is the code on page load.  

Here is the code when pressing the button.   Like I said, seems to work providing a FORCED refresh is performed in the webbrowser after its posted back from the below code:   FYI, just in case and JUST thought of this, this code is on a UserControl on an ASPX page.  I don't know if that might have anything to do with it.  I just thought of that, so please forgive if thats the case but I wouldn't think it would be.

        Dim sConn As String = System.Configuration.ConfigurationSettings.AppSettings("DBCONNECTION")
        Dim sSQL As String
        Dim oConn As SqlConnection
        Dim oDataReader As SqlDataReader
        Dim oCommand As SqlCommand
        oConn = New SqlConnection(sConn)
        oConn.Open()
        sSQL = "SELECT * FROM Users WHERE Email = '" & txtEmail.Text & "' AND Password = '" & txtPassword.Text & "'"
        oCommand = New SqlCommand(sSQL, oConn)
        oDataReader = oCommand.ExecuteReader()
        If oDataReader.Read = True Then
            lblBadLogin.Visible = False
            strSessionGuid = oDataReader("GUID").ToString
           Session("GUID") = strSessionGuid.ToString
        Else
            lblBadLogin.Visible = True
            lblBadLogin.Text = "Username/Password Do Not Match"
        End If
        oDataReader.Close()
        oConn.Close()

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Session("GUID") Is Nothing Then
            TABLE1.Visible = True
            TABLE2.Visible = False
        Else
            TABLE1.Visible = False
            TABLE2.Visible = True
        End If
    End Sub

Open in new window

0
 
jklNYCCommented:
If i remember correctly, the Page_Load event is triggered BEFORE the events in the user control, so during page load, your session variable is sill Nothing.

Load order is always a tricky thing, especially with user controls.
0
 
chrisryhalAuthor Commented:
Ok, understandable and probably correct.  Is there a way to load it PRIOR?
0
 
chrisryhalAuthor Commented:
Here is what I am going to do and close this question out.  

I realize a refresh is in order, so what I am going to do is redirect the user to another page doing something like so if login is successful:

           Response.Redirect("Success.aspx?URL=" Request.Url.AbsoluteUri)

and then on this page "success.aspx"  have an IMMEDIATE

          Response.Redirect(Request.Querystring("URL"))

That insures a successful reload of the page.  I know its kinda DIRTY coding, but I see no other way.  
0
 
chrisryhalAuthor Commented:
Just a quick followup, I did what I said and it worked out ok.  So unless anyone has any other suggestions I am going to split points evenly to both "jklNYC" and "raterus"  I just see no other way.
0
 
chrisryhalAuthor Commented:
Thanks again for all of the awesome help.  My endeavor is over due to you two so thank you so much!!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.