cookie test?

[George Hester]

I have always used this in ASP to test if the client is accepting cookies:

<%@language="VBScript"%>
<%
Session ("nc") = 1
If Len(Session("nc")) = 0 Then
'Cookies Off
Else
'Cookies On
End If
%>

But I only ever tested it in Microsoft Internet Explorer 6 though not sure. Anyway with Microsoft Internet Explorer 5.5 SP2 Len(Session("nc")) <> 0 always whether cookies are on or off. Can anyone suggest a better cookie test that will work in most browsers? Thanks.

 

[Ray at]

See here. http://www.aspfaq.com/show.asp?id=2058

Ray at work

I have always used this in ASP to test if the client is accepting cookies:

<%@language="VBScript"%>
<%
Session ("nc") = 1
If Len(Session("nc")) = 0 Then
'Cookies Off
Else
'Cookies On
End If
%>

But I only ever tested it in Microsoft Internet Explorer 6 though not sure.
Anyway with Microsoft Internet Explorer 5.5 SP2 Len(Session("nc")) <> 0
always whether cookies are on or off. Can anyone suggest a better cookie
test that will work in most browsers? Thanks.

 

[George Hester]

Thanks on the phone now:

http://support.microsoft.com/default.aspx?scid=kb;en-us;323332

 

[George Hester]

Well it looks like the only way to fix this perpetual ASP session is by going to SP4 in Windows 2000. Oh man. I was told that SP4 and MDAC 2.8 are NOT stable. All I know is that the last time I installed SP4 I didn't like the result. Thankfully I am not at MDAC 2.8. Well here goes or I might chicken out and go back to that method you pointed out. I used to do it that way but I found the Session without bouncing around to ASP pages to be the cleanest method. I think I'm going to that. SP4 is just too risky at this time. You know this takes almost a complete redesign of the site again becuase I use ASP session throughout.

 

[Roland Hall]

:
Well it looks like the only way to fix this perpetual ASP session is by
going to SP4 in Windows 2000. Oh man. I was told that SP4 and MDAC 2.8 are
NOT stable.

FWIW... I'm using W2KAS SP4, MDAC 2.8 and no issues.

 

[George Hester]

Sure it's worth something. You a braver person than I.

It turns out it only took a few hours to fix this perpetual ASP session issue. I have used the suggestion once before but left most of it set up just for the hellofit. So it wasn't too bad to go through and put a Response.Cookie in all the pages. So SP4 is out till the next critical issue.

One last thing before I head out into that blue yonder. It seems that this issue has to be a security issue. If the client says, "No Cookies" then no cookies should be the result. But it is not. In Windows 2000 Server SP3 Microsoft Internet Explorer 5.5 SP2 anyway.

I had all my cookies OFF and Session("nc") = 1 was still happening. That's wrong and shouldn't be.

http://support.microsoft.com/default.aspx?scid=kb;en-us;184574

http://support.microsoft.com/default.aspx?scid=kb;en-us;223799

I actually use this to my benefit.

http://support.microsoft.com/default.aspx?scid=kb;en-us;224304 but who knows if that still works. Let's see...yup it still works. Whew...

 

[Evertjan.]

George Hester wrote on 30 jan 2004 in
microsoft.public.inetserver.asp.general:

I had all my cookies OFF and Session("nc") = 1 was still happening.
That's wrong and shouldn't be.

I think the session is still valid ON THE SAME PAGE.

Only if you go to the next page, the session is not kept without the
session-id cookie and a new session is started.

So: ================================


<%
session("blah") = "blop"
response.write session("blah")
' this will always write "blop"
%>

But: ==============================

f1.asp:
<%
session("blah") = "blop"
response.redirect "f2.asp"
%>

f2.asp
<%
response.write session("blah")
' this will only write "blop",
' if the session persits,
' that is if session cookies are allowed
%>

===================================

Not tested.

 

[George Hester]

Hi Evertjan:

Yes that may be what's going on here. I don't know but I do know that I have been testing cookies enabled this way for two years. Also when I mentioned to Microsoft my problem they seemed to understand what I was saying. And suggested I go to SP4 to fix the issue. I believe the reason why that hotfix is no longer available is becasue regression testing probably told them it wasn't a good idea. Just speculating here of course. I don't know it's back to normal. So I dealt with it as they say.

It seems to me if the client says No Any type of Cookies there should be No Any type of Cookies. Where is Aristotle when you need him?

 

[Tim Williams]

As Evertjan pointed out, there is no reason to expect that your code
would work.

Your line
Session ("nc") = 1
does not send a cookie to the client, it just assigns a value to a
session variable. This action does not depend on cookies, so testing
whether this action was successful will always return true.

Think of it this way

Client send request to server (including any valid cookies it may have
for the server)
Server processes the request and send back a response (which may
include one or more new cookies in the header)
repeat etc etc

So, the only reliable way to check if the client has (session) cookies
enabled is to set a session variable in page1.asp and read it in
page2.asp

That's just how cookies work - not a MS problem or peculiarity.

Tim



Hi Evertjan:

Yes that may be what's going on here. I don't know but I do know
that I have been testing cookies enabled this way for two years. Also
when I mentioned to Microsoft my problem they seemed to understand
what I was saying. And suggested I go to SP4 to fix the issue. I
believe the reason why that hotfix is no longer available is becasue
regression testing probably told them it wasn't a good idea. Just
speculating here of course. I don't know it's back to normal. So I
dealt with it as they say.

It seems to me if the client says No Any type of Cookies there should
be No Any type of Cookies. Where is Aristotle when you need him?

 

[George Hester]

Tim - "Session ("nc") = 1 does not send a cookie to the client, it just assigns a value to a session variable"

http://support.microsoft.com/default.aspx?scid=kb;en-us;184574

"Active Server Pages (ASP) uses HTTP cookies to maintain session state"

Therefore if cookies are disabled then "session state" is NOT maintained. Aristotlean logic here: (IF session state is maintained THEN cookies are enabled). Thus (If cookies are disabled THEN session state is NOT maintained).

Therefore Session("nc") should be undefined NOT = 1. Now granted at another page Session("nc") may not still be 1 but I don't understand how that makes any difference. Maintaining the session state on the current page or the next page or any page, "Active Server Pages (ASP) uses HTTP cookies to maintain session state." Now of course if there is a bug:

http://support.microsoft.com/default.aspx?scid=kb;en-us;323332

then all bets are off.

--
George Hester
__________________________________

As Evertjan pointed out, there is no reason to expect that your code
would work.

Your line
Session ("nc") = 1
does not send a cookie to the client, it just assigns a value to a
session variable. This action does not depend on cookies, so testing
whether this action was successful will always return true.

Think of it this way

Client send request to server (including any valid cookies it may have
for the server)
Server processes the request and send back a response (which may
include one or more new cookies in the header)
repeat etc etc

So, the only reliable way to check if the client has (session) cookies
enabled is to set a session variable in page1.asp and read it in
page2.asp

That's just how cookies work - not a MS problem or peculiarity.

Tim



Hi Evertjan:

Yes that may be what's going on here. I don't know but I do know
that I have been testing cookies enabled this way for two years. Also
when I mentioned to Microsoft my problem they seemed to understand
what I was saying. And suggested I go to SP4 to fix the issue. I
believe the reason why that hotfix is no longer available is becasue
regression testing probably told them it wasn't a good idea. Just
speculating here of course. I don't know it's back to normal. So I
dealt with it as they say.

It seems to me if the client says No Any type of Cookies there should
be No Any type of Cookies. Where is Aristotle when you need him?

 

[Evertjan.]

George Hester wrote on 30 jan 2004 in
microsoft.public.inetserver.asp.general:

Maintaining the session state on the current page or the next page or
any page,

The server only "knows" it cannot maintain the session if it does not get a
session-id cookie value back, that the server delivered.

So the server is unaware of that possibility till it is asks for a second
page with should have that cookie.

So it must assume the second request is from a new session and any session
variable to be tested returns an empty string.

So those pages are not sessionless, they are all the first page of a new
session.

So the session variables set on such page are valid on that page only.

 

[George Hester]

OK based on that I have another idea then. Thanks. But you know I have been doing it this way for a very long time. I have Windows 2000 Professional set up and I am going to go try it over there. It has SP4 in it.

 

[George Hester MVP - IIS]

All that time I been using that method. But it looks as though I must have
been living in timbuktu because it's not working over here either. You know
I tested over this and over and over till it worked. Because I also detect
when scripting is off in the same set of code. Now all that happens is the
scripting test. The cookie test just seems to have died. I hate it when
that happens. Thanks for putting up with me and the explanations.