How do I set a server side session cookie in the http header when the cookie is set via an AJAX call

mike99c
mike99c used Ask the Experts™
on
I have created a sign-in in page in which the user enters their email and password. I then take these credentials and pass them server side using a JQuery AJAX call. The server side function then checks the details and if valid will set a session cookie for the user.

The problem I have is that unless I refresh the page the session cookie is not actually recognised on the calling page. Is there any way I can force the http header to update the session cookie without doing the refresh?

The workaround I currently have is that on the AJAX success a simply redirect back to the same page which is effectively a refresh.

The server side script is written in ASP classic but this should not really matter as any server side script language can be used to set the session cookie.

Another solution I am thinking of is to use client side cookies such as https://github.com/carhartl/jquery-cookie. However I would prefer to keep the cookies set server side.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Fixer of Problems
Most Valuable Expert 2014
Commented:
The server can't set anything on a page that has already been sent.  Your work-around is probably the best way to do it.  The only other way is to pass the cookie info back in the AJAX routine and set it with javascript after the AJAX is done.

Author

Commented:
Thanks Dave. I have never used client side session cookies before and wanted to know your opinion about this? Are there any security issues with doing it this way rather than server side session cookies?

The only issue I can think of is that if I do set the session client side I will need to pass some IDs back to the server but for security I would have to hash the values rather than use database IDs.
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
A session cookie has to come from the server because that is where session data is stored.  Thinking about it, you may simply be able to set the cookie in the response header that comes back to the AJAX routine.  AJAX routines use standard HTTP headers in their requests and responses.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
OK this is probably just what I need to do. Do you know how this can be done please?
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
Are you talking about something other than the ASPSESSIONID.... cookie?

Author

Commented:
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
No, that code won't help.  ASPSESSIONID is what I was talking about.  How are you checking in the browser after the page is loaded and the AJAX runs?  My experience is that running any Classic ASP page sets the ASPSESSIONID cookie.

Author

Commented:
The session ID is set by the callback handling function. But after it is successful I was hoping to simply read the session as Session("AccountID") but it is empty unless I refresh the page.
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
Where do you find Session("AccountID")?  That looks like an ASP variable which isn't even present in the page in the browser.
Dave BaldwinFixer of Problems
Most Valuable Expert 2014
Commented:
This demo page will show the cookies that are set on that server.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>AJAX ASP Cookie test</title>
<script type="text/javascript">
<!--
function showcookies() {
	var xdc = document.cookie;
	document.getElementById("cukkies").innerHTML = xdc;
	}
// -->
</script>
</head>
<body onload="showcookies();">
<h1>AJAX ASP Cookie test</h1>
AJAXASPresponse.asp
<div id="cukkies">??</div>
</body>
</html>

Open in new window

Author

Commented:
Thanks for this. I uploaded the demo page to here:
http://www.dressorganic.co.uk/sessioncookies/

I am not sure if it is a complete standalone test but I really don't understand how it works.

However I think the best thing for me to do is set up a very simple standalone test myself to demonstrate my issue. I will send this shortly.
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
That just checks to see what cookies are currently set for that browser on that site.  Open a new window in the same browser and run your sign-in page.  After you do the login procedure without refreshing the sign-in in page, go back to the demo page and refresh it to see if the cookie is showing up there.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial