Avatar of mike99c
mike99c
 asked on

How do I set a server side session cookie in the http header when the cookie is set via an AJAX call

I have created a sign-in in page in which the user enters their email and password. I then take these credentials and pass them server side using a JQuery AJAX call. The server side function then checks the details and if valid will set a session cookie for the user.

The problem I have is that unless I refresh the page the session cookie is not actually recognised on the calling page. Is there any way I can force the http header to update the session cookie without doing the refresh?

The workaround I currently have is that on the AJAX success a simply redirect back to the same page which is effectively a refresh.

The server side script is written in ASP classic but this should not really matter as any server side script language can be used to set the session cookie.

Another solution I am thinking of is to use client side cookies such as https://github.com/carhartl/jquery-cookie. However I would prefer to keep the cookies set server side.
AJAXJavaScript

Avatar of undefined
Last Comment
Dave Baldwin

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Dave Baldwin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
mike99c

ASKER
Thanks Dave. I have never used client side session cookies before and wanted to know your opinion about this? Are there any security issues with doing it this way rather than server side session cookies?

The only issue I can think of is that if I do set the session client side I will need to pass some IDs back to the server but for security I would have to hash the values rather than use database IDs.
Dave Baldwin

A session cookie has to come from the server because that is where session data is stored.  Thinking about it, you may simply be able to set the cookie in the response header that comes back to the AJAX routine.  AJAX routines use standard HTTP headers in their requests and responses.
mike99c

ASKER
OK this is probably just what I need to do. Do you know how this can be done please?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Dave Baldwin

Are you talking about something other than the ASPSESSIONID.... cookie?
mike99c

ASKER
Dave Baldwin

No, that code won't help.  ASPSESSIONID is what I was talking about.  How are you checking in the browser after the page is loaded and the AJAX runs?  My experience is that running any Classic ASP page sets the ASPSESSIONID cookie.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
mike99c

ASKER
The session ID is set by the callback handling function. But after it is successful I was hoping to simply read the session as Session("AccountID") but it is empty unless I refresh the page.
Dave Baldwin

Where do you find Session("AccountID")?  That looks like an ASP variable which isn't even present in the page in the browser.
SOLUTION
Dave Baldwin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
mike99c

ASKER
Thanks for this. I uploaded the demo page to here:
http://www.dressorganic.co.uk/sessioncookies/

I am not sure if it is a complete standalone test but I really don't understand how it works.

However I think the best thing for me to do is set up a very simple standalone test myself to demonstrate my issue. I will send this shortly.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Dave Baldwin

That just checks to see what cookies are currently set for that browser on that site.  Open a new window in the same browser and run your sign-in page.  After you do the login procedure without refreshing the sign-in in page, go back to the demo page and refresh it to see if the cookie is showing up there.