Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
How do I set a server side session cookie in the http header when the cookie is set via an AJAX call
I have created a sign-in in page in which the user enters their email and password. I then take these credentials and pass them server side using a JQuery AJAX call. The server side function then checks the details and if valid will set a session cookie for the user.
The problem I have is that unless I refresh the page the session cookie is not actually recognised on the calling page. Is there any way I can force the http header to update the session cookie without doing the refresh?
The workaround I currently have is that on the AJAX success a simply redirect back to the same page which is effectively a refresh.
The server side script is written in ASP classic but this should not really matter as any server side script language can be used to set the session cookie.
Another solution I am thinking of is to use client side cookies such as https://github.com/carhartl/jquery-cookie. However I would prefer to keep the cookies set server side.
The problem I have is that unless I refresh the page the session cookie is not actually recognised on the calling page. Is there any way I can force the http header to update the session cookie without doing the refresh?
The workaround I currently have is that on the AJAX success a simply redirect back to the same page which is effectively a refresh.
The server side script is written in ASP classic but this should not really matter as any server side script language can be used to set the session cookie.
Another solution I am thinking of is to use client side cookies such as https://github.com/carhartl/jquery-cookie. However I would prefer to keep the cookies set server side.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The server can't set anything on a page that has already been sent. Your work-around is probably the best way to do it. The only other way is to pass the cookie info back in the AJAX routine and set it with javascript after the AJAX is done.
Thanks Dave. I have never used client side session cookies before and wanted to know your opinion about this? Are there any security issues with doing it this way rather than server side session cookies?
The only issue I can think of is that if I do set the session client side I will need to pass some IDs back to the server but for security I would have to hash the values rather than use database IDs.
The only issue I can think of is that if I do set the session client side I will need to pass some IDs back to the server but for security I would have to hash the values rather than use database IDs.
A session cookie has to come from the server because that is where session data is stored. Thinking about it, you may simply be able to set the cookie in the response header that comes back to the AJAX routine. AJAX routines use standard HTTP headers in their requests and responses.
No I mean the ASPSESSIONID.
Does this cover it?
http://stackoverflow.com/questions/12968611/jquery-ajax-reponse-set-cookie-header
Does this cover it?
http://stackoverflow.com/questions/12968611/jquery-ajax-reponse-set-cookie-header
No, that code won't help. ASPSESSIONID is what I was talking about. How are you checking in the browser after the page is loaded and the AJAX runs? My experience is that running any Classic ASP page sets the ASPSESSIONID cookie.
The session ID is set by the callback handling function. But after it is successful I was hoping to simply read the session as Session("AccountID") but it is empty unless I refresh the page.
Where do you find Session("AccountID")? That looks like an ASP variable which isn't even present in the page in the browser.
This demo page will show the cookies that are set on that server.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>AJAX ASP Cookie test</title>
<script type="text/javascript">
<!--
function showcookies() {
var xdc = document.cookie;
document.getElementById("cukkies").innerHTML = xdc;
}
// -->
</script>
</head>
<body onload="showcookies();">
<h1>AJAX ASP Cookie test</h1>
AJAXASPresponse.asp
<div id="cukkies">??</div>
</body>
</html>
Thanks for this. I uploaded the demo page to here:
http://www.dressorganic.co.uk/sessioncookies/
I am not sure if it is a complete standalone test but I really don't understand how it works.
However I think the best thing for me to do is set up a very simple standalone test myself to demonstrate my issue. I will send this shortly.
http://www.dressorganic.co.uk/sessioncookies/
I am not sure if it is a complete standalone test but I really don't understand how it works.
However I think the best thing for me to do is set up a very simple standalone test myself to demonstrate my issue. I will send this shortly.
That just checks to see what cookies are currently set for that browser on that site. Open a new window in the same browser and run your sign-in page. After you do the login procedure without refreshing the sign-in in page, go back to the demo page and refresh it to see if the cookie is showing up there.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial