Cookie Not Being Created on Client Side with ASP

Discussion in 'ASP General' started by Hannibal, Aug 24, 2007.

  1. Hannibal

    Hannibal Guest

    Hi All,

    The below code use to work on my Win2K3 IIS6. for for some unknown
    reason it`s no longer working. here the code.

    Session("LOGIN_USER_ID") = UserID

    ' Update the cookie if the login is successful
    Response.Buffer = True
    Response.Cookies(strAppRoot).Domain = strHelpdeskServer
    Response.Cookies(strAppRoot) = UserID

    ' If the logged in user has administrative privileges, I will
    redirect
    'to an admin screen where the user can make administrative changes.

    'see if the user logging in is the admin
    sSQLCmd2 = "SELECT USER_ID FROM USERS WHERE ADMINISTRATOR = 1 AND
    USER_ID Like '%" & UserId & "%'"
    Set rst2 = Server.CreateObject("ADODB.Recordset")
    rst2.Open sSQLCmd2, oDatabaseConn,adOpenForwardOnly, adLockReadOnly,
    adCmdText

    if not rst2.EOF then
    rst2.MoveFirst
    adminId = rst2("USER_ID")
    adminId = trim(adminId)
    end if
    rst2.Close
    set rst2 = Nothing

    if trim(UserID) = adminId then
    Session("USER_TYPE") = "Administrator"
    else 'the user is not the admin...set the user type and redirect
    Session("USER_TYPE") = "User"
    end if
    Session.Timeout=30 'set the time out for 30 minutes on the session

    sSQLCmd3 = "UPDATE [USERS] SET USER_LASTLOGON='" & Cstr(Now()) & "'
    WHERE USER_ID = '" & UserID & "'"
    oDatabaseConn.Execute sSQLCmd3
    Response.Redirect ("home.asp")

    I`m not a programmer, I only support the site. But since the original
    programmer is gone, I`m the one who has to fix this.

    I`m thinking that it may come from a IIS 6 security setting or Windows
    Update. My client browser work fine, I get cookie from other site.
    Also, I've added my IIS Server to the trusted Sites and added the web
    site to accept all cookie.

    Also, I try to set IIS 6 to run in IIS 5.0 isolation mode.

    I`m running out of idea. If anyone could shed some light it would be
    really appreciated

    Cheers,

    Hannibal
    Hannibal, Aug 24, 2007
    #1
    1. Advertising

  2. Hannibal

    Hannibal Guest

    I wanted to add this as well...

    I`ve created a test page that would just creat a cookie. here is the
    code. This is not working as well

    <%
    Response.Cookies("mycookie") = "testcookie"
    Response.Cookies("mycookie").Domain = "developer.be"
    Response.Cookies("mycookie").Secure = "False"
    Response.Cookies("mycookie").Expires = "January 2, 1997"
    %>

    <html>
    <body>

    </body>
    </html>


    cheers
    Hannibal
    Hannibal, Aug 24, 2007
    #2
    1. Advertising

  3. "Hannibal" <> wrote in message
    news:...
    > Hi All,
    >
    > The below code use to work on my Win2K3 IIS6. for for some unknown
    > reason it`s no longer working. here the code.
    >
    > Session("LOGIN_USER_ID") = UserID
    >
    > ' Update the cookie if the login is successful
    > Response.Buffer = True
    > Response.Cookies(strAppRoot).Domain = strHelpdeskServer
    > Response.Cookies(strAppRoot) = UserID
    >
    > ' If the logged in user has administrative privileges, I will
    > redirect
    > 'to an admin screen where the user can make administrative changes.
    >
    > 'see if the user logging in is the admin
    > sSQLCmd2 = "SELECT USER_ID FROM USERS WHERE ADMINISTRATOR = 1 AND
    > USER_ID Like '%" & UserId & "%'"
    > Set rst2 = Server.CreateObject("ADODB.Recordset")
    > rst2.Open sSQLCmd2, oDatabaseConn,adOpenForwardOnly, adLockReadOnly,
    > adCmdText
    >
    > if not rst2.EOF then
    > rst2.MoveFirst
    > adminId = rst2("USER_ID")
    > adminId = trim(adminId)
    > end if
    > rst2.Close
    > set rst2 = Nothing
    >
    > if trim(UserID) = adminId then
    > Session("USER_TYPE") = "Administrator"
    > else 'the user is not the admin...set the user type and redirect
    > Session("USER_TYPE") = "User"
    > end if
    > Session.Timeout=30 'set the time out for 30 minutes on the session
    >
    > sSQLCmd3 = "UPDATE [USERS] SET USER_LASTLOGON='" & Cstr(Now()) & "'
    > WHERE USER_ID = '" & UserID & "'"
    > oDatabaseConn.Execute sSQLCmd3
    > Response.Redirect ("home.asp")
    >
    > I`m not a programmer, I only support the site. But since the original
    > programmer is gone, I`m the one who has to fix this.
    >
    > I`m thinking that it may come from a IIS 6 security setting or Windows
    > Update. My client browser work fine, I get cookie from other site.
    > Also, I've added my IIS Server to the trusted Sites and added the web
    > site to accept all cookie.
    >
    > Also, I try to set IIS 6 to run in IIS 5.0 isolation mode.
    >
    > I`m running out of idea. If anyone could shed some light it would be
    > really appreciated
    >



    How do you know it's "not working"? The cookie is only a session cookie so
    you won't find it in a permenant cookie store.

    What has changed?

    This line:-

    Response.Cookies(strAppRoot).Domain = strHelpdeskServer

    is designed to make the cookie valid for the one of the domains that host
    belongs to. For example if the site is:-

    www.mydomain.com

    then the domain can be set to "mydomain.com". Assuming that the application
    is in the root of the web the cookie will be sent to any host in the
    mydomain.com domain.

    If the value in strHelpdeskServer no longer matches this pattern (e.g, the
    domain the server is i presented in no longer matches the contents of
    strHelpdeskServer) then the browser will reject the cookie.


    --
    Anthony Jones - MVP ASP/ASP.NET
    Anthony Jones, Aug 24, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Boss302
    Replies:
    0
    Views:
    1,020
    Boss302
    Nov 21, 2006
  2. Bogdan
    Replies:
    2
    Views:
    637
    Bogdan
    Jun 9, 2008
  3. Andres Denkberg

    Cookie not always created in client

    Andres Denkberg, Jul 24, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    145
    Andres Denkberg
    Jul 24, 2003
  4. Zoe Hart
    Replies:
    1
    Views:
    345
    Scott Wisniewski
    Jan 8, 2004
  5. JT
    Replies:
    5
    Views:
    130
    Ray Costanzo [MVP]
    Sep 10, 2004
Loading...

Share This Page