Cookie Not Being Created on Client Side with ASP

Cookie Not Being Created on Client Side with ASP

am 24.08.2007 14:52:11 von Hannibal

Hi All,

The below code use to work on my Win2K3 IIS6. for for some unknown
reason it`s no longer working. here the code.

Session("LOGIN_USER_ID") = UserID

' Update the cookie if the login is successful
Response.Buffer = True
Response.Cookies(strAppRoot).Domain = strHelpdeskServer
Response.Cookies(strAppRoot) = UserID

' If the logged in user has administrative privileges, I will
redirect
'to an admin screen where the user can make administrative changes.

'see if the user logging in is the admin
sSQLCmd2 = "SELECT USER_ID FROM USERS WHERE ADMINISTRATOR = 1 AND
USER_ID Like '%" & UserId & "%'"
Set rst2 = Server.CreateObject("ADODB.Recordset")
rst2.Open sSQLCmd2, oDatabaseConn,adOpenForwardOnly, adLockReadOnly,
adCmdText

if not rst2.EOF then
rst2.MoveFirst
adminId = rst2("USER_ID")
adminId = trim(adminId)
end if
rst2.Close
set rst2 = Nothing

if trim(UserID) = adminId then
Session("USER_TYPE") = "Administrator"
else 'the user is not the admin...set the user type and redirect
Session("USER_TYPE") = "User"
end if
Session.Timeout=30 'set the time out for 30 minutes on the session

sSQLCmd3 = "UPDATE [USERS] SET USER_LASTLOGON='" & Cstr(Now()) & "'
WHERE USER_ID = '" & UserID & "'"
oDatabaseConn.Execute sSQLCmd3
Response.Redirect ("home.asp")

I`m not a programmer, I only support the site. But since the original
programmer is gone, I`m the one who has to fix this.

I`m thinking that it may come from a IIS 6 security setting or Windows
Update. My client browser work fine, I get cookie from other site.
Also, I've added my IIS Server to the trusted Sites and added the web
site to accept all cookie.

Also, I try to set IIS 6 to run in IIS 5.0 isolation mode.

I`m running out of idea. If anyone could shed some light it would be
really appreciated

Cheers,

Hannibal

Re: Cookie Not Being Created on Client Side with ASP

am 24.08.2007 14:56:24 von Hannibal

I wanted to add this as well...

I`ve created a test page that would just creat a cookie. here is the
code. This is not working as well

<%
Response.Cookies("mycookie") = "testcookie"
Response.Cookies("mycookie").Domain = "developer.be"
Response.Cookies("mycookie").Secure = "False"
Response.Cookies("mycookie").Expires = "January 2, 1997"
%>








cheers
Hannibal

Re: Cookie Not Being Created on Client Side with ASP

am 24.08.2007 16:32:54 von Anthony Jones

"Hannibal" wrote in message
news:1187959931.902714.23430@q5g2000prf.googlegroups.com...
> Hi All,
>
> The below code use to work on my Win2K3 IIS6. for for some unknown
> reason it`s no longer working. here the code.
>
> Session("LOGIN_USER_ID") = UserID
>
> ' Update the cookie if the login is successful
> Response.Buffer = True
> Response.Cookies(strAppRoot).Domain = strHelpdeskServer
> Response.Cookies(strAppRoot) = UserID
>
> ' If the logged in user has administrative privileges, I will
> redirect
> 'to an admin screen where the user can make administrative changes.
>
> 'see if the user logging in is the admin
> sSQLCmd2 = "SELECT USER_ID FROM USERS WHERE ADMINISTRATOR = 1 AND
> USER_ID Like '%" & UserId & "%'"
> Set rst2 = Server.CreateObject("ADODB.Recordset")
> rst2.Open sSQLCmd2, oDatabaseConn,adOpenForwardOnly, adLockReadOnly,
> adCmdText
>
> if not rst2.EOF then
> rst2.MoveFirst
> adminId = rst2("USER_ID")
> adminId = trim(adminId)
> end if
> rst2.Close
> set rst2 = Nothing
>
> if trim(UserID) = adminId then
> Session("USER_TYPE") = "Administrator"
> else 'the user is not the admin...set the user type and redirect
> Session("USER_TYPE") = "User"
> end if
> Session.Timeout=30 'set the time out for 30 minutes on the session
>
> sSQLCmd3 = "UPDATE [USERS] SET USER_LASTLOGON='" & Cstr(Now()) & "'
> WHERE USER_ID = '" & UserID & "'"
> oDatabaseConn.Execute sSQLCmd3
> Response.Redirect ("home.asp")
>
> I`m not a programmer, I only support the site. But since the original
> programmer is gone, I`m the one who has to fix this.
>
> I`m thinking that it may come from a IIS 6 security setting or Windows
> Update. My client browser work fine, I get cookie from other site.
> Also, I've added my IIS Server to the trusted Sites and added the web
> site to accept all cookie.
>
> Also, I try to set IIS 6 to run in IIS 5.0 isolation mode.
>
> I`m running out of idea. If anyone could shed some light it would be
> really appreciated
>


How do you know it's "not working"? The cookie is only a session cookie so
you won't find it in a permenant cookie store.

What has changed?

This line:-

Response.Cookies(strAppRoot).Domain = strHelpdeskServer

is designed to make the cookie valid for the one of the domains that host
belongs to. For example if the site is:-

www.mydomain.com

then the domain can be set to "mydomain.com". Assuming that the application
is in the root of the web the cookie will be sent to any host in the
mydomain.com domain.

If the value in strHelpdeskServer no longer matches this pattern (e.g, the
domain the server is i presented in no longer matches the contents of
strHelpdeskServer) then the browser will reject the cookie.


--
Anthony Jones - MVP ASP/ASP.NET