Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ASP.NET/VB.NET Cookie Session Problem

Posted on 2009-02-10
17
Medium Priority
?
837 Views
Last Modified: 2012-05-06
Visual Studio.NET 2005 / 2.0 Framework
CodeBehind = VB.NET

I have a cookie that is loaded and installed on the users PC when they login using this method:

        Dim aCookie As New HttpCookie("WWOCOOKIE")
        aCookie.Values.Add("GUID", strSessionGuid.ToString)
        aCookie.Values.Add("EMAIL", txtEmail.Text)
        aCookie.Expires = DateTime.Now.AddDays(1)
        Response.Cookies.Add(aCookie)

So if the cookie is present I have a method on the Page.Load event:

        If Request.Cookies("WWOCOOKIE") Is Nothing Then
                TABLE2.Visible = False
        End If

the problem, is that as I am still testing if I go and physically delete the cookie, the table should automatically become visiable again, but that is not hte case unless I exit out of Interne Explorer and go back to the site.  Perhaps I am not handling this correctly?
0
Comment
Question by:chrisryhal
  • 9
  • 5
  • 2
  • +1
17 Comments
 
LVL 33

Expert Comment

by:raterus
ID: 23602184
In this case, deleting the cookie file is only half of what you need to do to truly destroy it.  The cookie is also loaded up into IE's memory, and to get rid of that, you either have to delete through javascript, or close the browser.
0
 
LVL 27

Expert Comment

by:nmarun
ID: 23602202
Is this code enclosed in a 'IsPostBack' block?

If so, move it outside the IsPostBack and then try.
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23602308
Well, killing it with javascript would suffice if you could direct me in the right direction.

And regarding the Page.Load block, I have tried it with IsPostBack and without.  It really should be without IsPostBack because the cookie will sit on the users PC for one day and if they come back, I don't want them to have to log back in if cookie is present.  
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 33

Expert Comment

by:raterus
ID: 23602367
There are plenty of ways to delete cookies using javascript, here is the first way I found using google.

http://blogs.x2line.com/al/articles/316.aspx
0
 
LVL 2

Expert Comment

by:jklNYC
ID: 23602541
keep in mind raterus's first comment. even if you manually delete the cookie, your application may still hold it in memory (in session) until the server session times out or the browser is closed.

also keep in mind that the IE browser may not "reload/refresh" the page every time. by default, it is set to "Check for newer versions of stored pages" automatically. So it's possible that even if the user hits "refresh", the browser is pulling it from cache. having "no-cache" declarations in the <head> section will help (but not totally solve) this issue.
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23621353
Well, I was able to get the cookie to delete but I now I face basically the same problem, just opposite thought.

1)  User goes to website and logs in.  Upon hitting login button SQL script is executed to confirm credentials.  If DR = TRUE then hide TABLE1 or "TABLE1.VISIBLE = FALSE"

2)  However TABLE1.VISIBLE property does not changed to FALSE unless I perform a REFRESH within browser.  Is there a way to FORCE the refresh?  Basically I want a refresh to FORCE upon everyload of hte page.  
0
 
LVL 33

Expert Comment

by:raterus
ID: 23621860
It sounds like in your situation, you'd be better off loading this type of information into the Session, rather than a cookie.  Cookies are client-side and probably not the best choice for your particular situation.
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23622038
is there an easy way to do that similar to what I already know about cookies?
0
 
LVL 33

Accepted Solution

by:
raterus earned 1000 total points
ID: 23622056
Well the basics of the Session Object are the same...

To set a value
Session("myValue") = 123

to retrieve a value
myValue = Session("myValue")
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23622870
raterus,

Appears the sessions are a little more friendly to me, not to mention its probably more secure.

Problem with the refresh still lies though.  Once user logs in, they still have to hit REFRESH or F5 on keyboard for the action to take effect.  
0
 
LVL 33

Expert Comment

by:raterus
ID: 23622948
Obviously that shouldn't be required :-)

I would trace your code to see the order which these two lines are called, my guess is you must be setting the variable to control showing/hiding AFTER you read it.
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23623044
SNIPPET is the code on page load.  

Here is the code when pressing the button.   Like I said, seems to work providing a FORCED refresh is performed in the webbrowser after its posted back from the below code:   FYI, just in case and JUST thought of this, this code is on a UserControl on an ASPX page.  I don't know if that might have anything to do with it.  I just thought of that, so please forgive if thats the case but I wouldn't think it would be.

        Dim sConn As String = System.Configuration.ConfigurationSettings.AppSettings("DBCONNECTION")
        Dim sSQL As String
        Dim oConn As SqlConnection
        Dim oDataReader As SqlDataReader
        Dim oCommand As SqlCommand
        oConn = New SqlConnection(sConn)
        oConn.Open()
        sSQL = "SELECT * FROM Users WHERE Email = '" & txtEmail.Text & "' AND Password = '" & txtPassword.Text & "'"
        oCommand = New SqlCommand(sSQL, oConn)
        oDataReader = oCommand.ExecuteReader()
        If oDataReader.Read = True Then
            lblBadLogin.Visible = False
            strSessionGuid = oDataReader("GUID").ToString
           Session("GUID") = strSessionGuid.ToString
        Else
            lblBadLogin.Visible = True
            lblBadLogin.Text = "Username/Password Do Not Match"
        End If
        oDataReader.Close()
        oConn.Close()

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Session("GUID") Is Nothing Then
            TABLE1.Visible = True
            TABLE2.Visible = False
        Else
            TABLE1.Visible = False
            TABLE2.Visible = True
        End If
    End Sub

Open in new window

0
 
LVL 2

Assisted Solution

by:jklNYC
jklNYC earned 1000 total points
ID: 23623138
If i remember correctly, the Page_Load event is triggered BEFORE the events in the user control, so during page load, your session variable is sill Nothing.

Load order is always a tricky thing, especially with user controls.
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23623196
Ok, understandable and probably correct.  Is there a way to load it PRIOR?
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23623280
Here is what I am going to do and close this question out.  

I realize a refresh is in order, so what I am going to do is redirect the user to another page doing something like so if login is successful:

           Response.Redirect("Success.aspx?URL=" Request.Url.AbsoluteUri)

and then on this page "success.aspx"  have an IMMEDIATE

          Response.Redirect(Request.Querystring("URL"))

That insures a successful reload of the page.  I know its kinda DIRTY coding, but I see no other way.  
0
 
LVL 2

Author Comment

by:chrisryhal
ID: 23623354
Just a quick followup, I did what I said and it worked out ok.  So unless anyone has any other suggestions I am going to split points evenly to both "jklNYC" and "raterus"  I just see no other way.
0
 
LVL 2

Author Closing Comment

by:chrisryhal
ID: 31545092
Thanks again for all of the awesome help.  My endeavor is over due to you two so thank you so much!!!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question