Creating Cookies in Classic ASP Site

Bob Schneider
Bob Schneider used Ask the Experts™
on
I want to create cookies for a Remember Me functionality on http://www.gtraxc.com/login.asp

Here is how I create the cookie:
            If Request.Form.Item("remember-me") = "on" Then
                Response.Cookies("user_name") = sUserName
                Response.Cookies("password") = sPassword
            End If

Open in new window


Here is where I retrieve it:
sUserName = Request.Cookies("user_name")
sPassword = Request.Cookies("password")

Open in new window


And here is how I attempt to place it in the appropriate form item values:
                                <fieldset class="form-group position-relative has-icon-left">
                                    <input type="text" class="form-control form-control-lg input-lg" 
                                    name="user_name" id="user_name" placeholder="Your User Name" required=""
                                    value="<%=sUserName%>">
                                    <div class="form-control-position">
                                        <i class="icon-head"></i>
                                    </div>
                                </fieldset>
                                <fieldset class="form-group position-relative has-icon-left">
                                    <input type="password" class="form-control form-control-lg input-lg" 
                                    name="password" id="user-password" placeholder="Enter Password" required=""
                                    value="<%=sPassword%>" aria-invalid="false">
                                    <div class="form-control-position">
                                        <i class="icon-key3"></i>
                                    </div>
                                </fieldset>

Open in new window


It does not appear to be working.  Any help would be much appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You do not specify the expiration date. So, once the user closes the browser your cookies will disappear.
Try to trace the cookie creation and posting back using the F12 developer tool or Telerik Fiddler.
Bob SchneiderCo-Owner

Author

Commented:
Thank you.  What is a reasonable expiration time limit for cookies?  Is there an industry standard?
I am not aware of a standard. I usually set that to a month.
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Most Valuable Expert 2017
Distinguished Expert 2018

Commented:
No there is no standard as it is highly dependent on use case.

Setting an expiration time is optional - if you don't set it the cookie dies with the session (when you close the browser) - for some applications that is desirable.

A remember me does not fall into that category.

You need to decide how long you want to remember a user for (day, week, month) - I usually set it for a month and refresh it on logon.
Bob SchneiderCo-Owner

Author

Commented:
I can't seem to get the user name and password box to populate.  Here is how I am creating the cookies now:
                Response.Cookies("user_name") = sUserName
                Response.Cookies("password") = sPassword

                Response.Cookies("user_name").Expires=#March 1, 2020#
                Response.Cookies("password").Expires=#March 1, 2020#

Open in new window


Also, can I incorporate a variable into the expiration?  Something like Date + 30
Developer & EE Moderator
Fellow 2018
Most Valuable Expert 2013
Commented:
Bob,I have an article on a log in with classic asp https://www.experts-exchange.com/articles/18259/Classic-ASP-Login-System-Utilizing-a-Token.html

What I am doing here is creating a hash that is stored as a cookie and also in the database. When your app finds the cookie, then matches it with the row of data in a db, you can check for an expiration in the db. Of course this means your cookie will also need an expiration date too. Either a month out or more.

Don't store a username and password in the cookie. Remember that is clear text and anybody can view it that has access to the computer.
 Response.Cookies("user_name") = sUserName
                Response.Cookies("password") = sPassword

Open in new window

That is why the idea of just storing a token you can match up is a good idea. The personal info is in the db and not where others can view it.

As far as expiring your cookies.  Create a function that figures out how long you want the cookie to last using dateAdd https://www.w3schools.com/ASP/func_dateadd.asp. Place the date into a new variable and use that for your expires.
                
	'set token in cookie and log in table for 1 hour
	token_expires = dateAdd("n",login_session_minutes,now)
	token = sha256(now&zUserName&secret_key)
	Response.Cookies("domaintoken")=token
	Response.Cookies("domaintoken").Expires=cdate(token_expires)

Open in new window

Instead of hard coding, you can use a variable.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial