How do I set a server side session cookie in the http header when the cookie is set via an AJAX call

I have created a sign-in in page in which the user enters their email and password. I then take these credentials and pass them server side using a JQuery AJAX call. The server side function then checks the details and if valid will set a session cookie for the user.

The problem I have is that unless I refresh the page the session cookie is not actually recognised on the calling page. Is there any way I can force the http header to update the session cookie without doing the refresh?

The workaround I currently have is that on the AJAX success a simply redirect back to the same page which is effectively a refresh.

The server side script is written in ASP classic but this should not really matter as any server side script language can be used to set the session cookie.

Another solution I am thinking of is to use client side cookies such as https://github.com/carhartl/jquery-cookie. However I would prefer to keep the cookies set server side.
mike99cAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
The server can't set anything on a page that has already been sent.  Your work-around is probably the best way to do it.  The only other way is to pass the cookie info back in the AJAX routine and set it with javascript after the AJAX is done.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mike99cAuthor Commented:
Thanks Dave. I have never used client side session cookies before and wanted to know your opinion about this? Are there any security issues with doing it this way rather than server side session cookies?

The only issue I can think of is that if I do set the session client side I will need to pass some IDs back to the server but for security I would have to hash the values rather than use database IDs.
Dave BaldwinFixer of ProblemsCommented:
A session cookie has to come from the server because that is where session data is stored.  Thinking about it, you may simply be able to set the cookie in the response header that comes back to the AJAX routine.  AJAX routines use standard HTTP headers in their requests and responses.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Get the Guide
mike99cAuthor Commented:
OK this is probably just what I need to do. Do you know how this can be done please?
Dave BaldwinFixer of ProblemsCommented:
Are you talking about something other than the ASPSESSIONID.... cookie?
mike99cAuthor Commented:
Dave BaldwinFixer of ProblemsCommented:
No, that code won't help.  ASPSESSIONID is what I was talking about.  How are you checking in the browser after the page is loaded and the AJAX runs?  My experience is that running any Classic ASP page sets the ASPSESSIONID cookie.
mike99cAuthor Commented:
The session ID is set by the callback handling function. But after it is successful I was hoping to simply read the session as Session("AccountID") but it is empty unless I refresh the page.
Dave BaldwinFixer of ProblemsCommented:
Where do you find Session("AccountID")?  That looks like an ASP variable which isn't even present in the page in the browser.
Dave BaldwinFixer of ProblemsCommented:
This demo page will show the cookies that are set on that server.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>AJAX ASP Cookie test</title>
<script type="text/javascript">
<!--
function showcookies() {
	var xdc = document.cookie;
	document.getElementById("cukkies").innerHTML = xdc;
	}
// -->
</script>
</head>
<body onload="showcookies();">
<h1>AJAX ASP Cookie test</h1>
AJAXASPresponse.asp
<div id="cukkies">??</div>
</body>
</html>

Open in new window

mike99cAuthor Commented:
Thanks for this. I uploaded the demo page to here:
http://www.dressorganic.co.uk/sessioncookies/

I am not sure if it is a complete standalone test but I really don't understand how it works.

However I think the best thing for me to do is set up a very simple standalone test myself to demonstrate my issue. I will send this shortly.
Dave BaldwinFixer of ProblemsCommented:
That just checks to see what cookies are currently set for that browser on that site.  Open a new window in the same browser and run your sign-in page.  After you do the login procedure without refreshing the sign-in in page, go back to the demo page and refresh it to see if the cookie is showing up there.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AJAX

From novice to tech pro — start learning today.