We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

ASP.NET/VB.NET Cookie Session Problem

chrisryhal
chrisryhal asked
on
Medium Priority
864 Views
Last Modified: 2012-05-06
Visual Studio.NET 2005 / 2.0 Framework
CodeBehind = VB.NET

I have a cookie that is loaded and installed on the users PC when they login using this method:

        Dim aCookie As New HttpCookie("WWOCOOKIE")
        aCookie.Values.Add("GUID", strSessionGuid.ToString)
        aCookie.Values.Add("EMAIL", txtEmail.Text)
        aCookie.Expires = DateTime.Now.AddDays(1)
        Response.Cookies.Add(aCookie)

So if the cookie is present I have a method on the Page.Load event:

        If Request.Cookies("WWOCOOKIE") Is Nothing Then
                TABLE2.Visible = False
        End If

the problem, is that as I am still testing if I go and physically delete the cookie, the table should automatically become visiable again, but that is not hte case unless I exit out of Interne Explorer and go back to the site.  Perhaps I am not handling this correctly?
Comment
Watch Question

Top Expert 2005

Commented:
In this case, deleting the cookie file is only half of what you need to do to truly destroy it.  The cookie is also loaded up into IE's memory, and to get rid of that, you either have to delete through javascript, or close the browser.
Top Expert 2009

Commented:
Is this code enclosed in a 'IsPostBack' block?

If so, move it outside the IsPostBack and then try.

Author

Commented:
Well, killing it with javascript would suffice if you could direct me in the right direction.

And regarding the Page.Load block, I have tried it with IsPostBack and without.  It really should be without IsPostBack because the cookie will sit on the users PC for one day and if they come back, I don't want them to have to log back in if cookie is present.  
Top Expert 2005

Commented:
There are plenty of ways to delete cookies using javascript, here is the first way I found using google.

http://blogs.x2line.com/al/articles/316.aspx

Commented:
keep in mind raterus's first comment. even if you manually delete the cookie, your application may still hold it in memory (in session) until the server session times out or the browser is closed.

also keep in mind that the IE browser may not "reload/refresh" the page every time. by default, it is set to "Check for newer versions of stored pages" automatically. So it's possible that even if the user hits "refresh", the browser is pulling it from cache. having "no-cache" declarations in the <head> section will help (but not totally solve) this issue.

Author

Commented:
Well, I was able to get the cookie to delete but I now I face basically the same problem, just opposite thought.

1)  User goes to website and logs in.  Upon hitting login button SQL script is executed to confirm credentials.  If DR = TRUE then hide TABLE1 or "TABLE1.VISIBLE = FALSE"

2)  However TABLE1.VISIBLE property does not changed to FALSE unless I perform a REFRESH within browser.  Is there a way to FORCE the refresh?  Basically I want a refresh to FORCE upon everyload of hte page.  
Top Expert 2005

Commented:
It sounds like in your situation, you'd be better off loading this type of information into the Session, rather than a cookie.  Cookies are client-side and probably not the best choice for your particular situation.

Author

Commented:
is there an easy way to do that similar to what I already know about cookies?
Top Expert 2005
Commented:
Well the basics of the Session Object are the same...

To set a value
Session("myValue") = 123

to retrieve a value
myValue = Session("myValue")

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
raterus,

Appears the sessions are a little more friendly to me, not to mention its probably more secure.

Problem with the refresh still lies though.  Once user logs in, they still have to hit REFRESH or F5 on keyboard for the action to take effect.  
Top Expert 2005

Commented:
Obviously that shouldn't be required :-)

I would trace your code to see the order which these two lines are called, my guess is you must be setting the variable to control showing/hiding AFTER you read it.

Author

Commented:
SNIPPET is the code on page load.  

Here is the code when pressing the button.   Like I said, seems to work providing a FORCED refresh is performed in the webbrowser after its posted back from the below code:   FYI, just in case and JUST thought of this, this code is on a UserControl on an ASPX page.  I don't know if that might have anything to do with it.  I just thought of that, so please forgive if thats the case but I wouldn't think it would be.

        Dim sConn As String = System.Configuration.ConfigurationSettings.AppSettings("DBCONNECTION")
        Dim sSQL As String
        Dim oConn As SqlConnection
        Dim oDataReader As SqlDataReader
        Dim oCommand As SqlCommand
        oConn = New SqlConnection(sConn)
        oConn.Open()
        sSQL = "SELECT * FROM Users WHERE Email = '" & txtEmail.Text & "' AND Password = '" & txtPassword.Text & "'"
        oCommand = New SqlCommand(sSQL, oConn)
        oDataReader = oCommand.ExecuteReader()
        If oDataReader.Read = True Then
            lblBadLogin.Visible = False
            strSessionGuid = oDataReader("GUID").ToString
           Session("GUID") = strSessionGuid.ToString
        Else
            lblBadLogin.Visible = True
            lblBadLogin.Text = "Username/Password Do Not Match"
        End If
        oDataReader.Close()
        oConn.Close()

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Session("GUID") Is Nothing Then
            TABLE1.Visible = True
            TABLE2.Visible = False
        Else
            TABLE1.Visible = False
            TABLE2.Visible = True
        End If
    End Sub

Open in new window

Commented:
If i remember correctly, the Page_Load event is triggered BEFORE the events in the user control, so during page load, your session variable is sill Nothing.

Load order is always a tricky thing, especially with user controls.

Author

Commented:
Ok, understandable and probably correct.  Is there a way to load it PRIOR?

Author

Commented:
Here is what I am going to do and close this question out.  

I realize a refresh is in order, so what I am going to do is redirect the user to another page doing something like so if login is successful:

           Response.Redirect("Success.aspx?URL=" Request.Url.AbsoluteUri)

and then on this page "success.aspx"  have an IMMEDIATE

          Response.Redirect(Request.Querystring("URL"))

That insures a successful reload of the page.  I know its kinda DIRTY coding, but I see no other way.  

Author

Commented:
Just a quick followup, I did what I said and it worked out ok.  So unless anyone has any other suggestions I am going to split points evenly to both "jklNYC" and "raterus"  I just see no other way.

Author

Commented:
Thanks again for all of the awesome help.  My endeavor is over due to you two so thank you so much!!!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.