Problem with querystrings and cookies

Discussion in 'ASP General' started by Eifion, Nov 12, 2003.

  1. Eifion

    Eifion Guest

    I've noticed a strange problem with setting cookies in ASP when the
    cookie name you're setting exists in the querystring. The company I
    work for has many partner sites who link to our site like this:
    www.mycompany.com/partner.asp?PartnerID=??? The partner.asp page then
    sets a cookie called PartnerID containing the value from the
    querystring.

    We have noticed, however, that if the partner calls the partner.asp
    page and alters the capitalization of 'PartnerID' then another cookie
    gets set which takes the capitalization of 'PartnerID' from the
    querystring. All of the other asp pages in the site then seem to read
    the first cookie set and thus it appears that the 'wrong' partner
    settings are being used.

    Has anyone experienced this problem before? Unfortunately altering the
    cookie or querystring names would be a non-trivial task so this is not
    an option at the moment.

    Eifion
     
    Eifion, Nov 12, 2003
    #1
    1. Advertising

  2. Eifion

    Ray at Guest

    How are you setting the cookie? Unless you're grabbing the name part from
    the name/value pair in the querystring and using that as a cookie, the
    cookie name will be whatever you set it as. Are you sure that you aren't
    doing something like Request("partnerid") as opposed to
    Request.QUERYSTRING("partnerid") or Request.COOKIES("partnerid")?

    Ray at work

    "Eifion" <> wrote in message
    news:...
    > I've noticed a strange problem with setting cookies in ASP when the
    > cookie name you're setting exists in the querystring. The company I
    > work for has many partner sites who link to our site like this:
    > www.mycompany.com/partner.asp?PartnerID=??? The partner.asp page then
    > sets a cookie called PartnerID containing the value from the
    > querystring.
    >
    > We have noticed, however, that if the partner calls the partner.asp
    > page and alters the capitalization of 'PartnerID' then another cookie
    > gets set which takes the capitalization of 'PartnerID' from the
    > querystring. All of the other asp pages in the site then seem to read
    > the first cookie set and thus it appears that the 'wrong' partner
    > settings are being used.
    >
    > Has anyone experienced this problem before? Unfortunately altering the
    > cookie or querystring names would be a non-trivial task so this is not
    > an option at the moment.
    >
    > Eifion
     
    Ray at, Nov 12, 2003
    #2
    1. Advertising

  3. Eifion

    Eifion Guest

    Ray at <%=sLocation%> wrote:
    > How are you setting the cookie? Unless you're grabbing the name part from
    > the name/value pair in the querystring and using that as a cookie, the
    > cookie name will be whatever you set it as. Are you sure that you aren't
    > doing something like Request("partnerid") as opposed to
    > Request.QUERYSTRING("partnerid") or Request.COOKIES("partnerid")?


    The code below reproduces the problem. If I go to
    http://localhost/cookies.asp?Partner=ABC
    I see 'Partner=ABC;' in the JavaScript cookie string. If I then go to
    http://localhost/cookies.asp?Partner=DEF
    then the cookie gets changed as expected. If I then try
    http://localhost/cookies.asp?PArtner=GHI
    then another Partner cookie gets appended to the querystring like this
    Partner=DEF; ASPSESSIONIDSSAATSAT=LFFBLJKABHFOLLGDOCGOCKOI; PArtner=GHI

    which gives two cookies with the same name (except for capitalisation).

    Eifion

    <%
    strSource = Request.QueryString("Partner")
    Response.Cookies("Partner") = strSource
    %>
    <Html>
    <Head>
    <Title></Title>
    </Head>
    <Body>
    <script type="text/javascript">
    document.write(document.cookie);
    </script>
    </Body>
    </Html>
     
    Eifion, Nov 12, 2003
    #3
  4. Eifion

    Ray at Guest

    Although I never thought about if this would carry through to such code,
    javascript is a case sensitive language. What are you doing with that
    client side cookie code anyway?

    Ray at work

    "Eifion" <> wrote in message
    news:bou5j5$i21$...
    > Ray at <%=sLocation%> wrote:
    > > How are you setting the cookie? Unless you're grabbing the name part

    from
    > > the name/value pair in the querystring and using that as a cookie, the
    > > cookie name will be whatever you set it as. Are you sure that you

    aren't
    > > doing something like Request("partnerid") as opposed to
    > > Request.QUERYSTRING("partnerid") or Request.COOKIES("partnerid")?

    >
    > The code below reproduces the problem. If I go to
    > http://localhost/cookies.asp?Partner=ABC
    > I see 'Partner=ABC;' in the JavaScript cookie string. If I then go to
    > http://localhost/cookies.asp?Partner=DEF
    > then the cookie gets changed as expected. If I then try
    > http://localhost/cookies.asp?PArtner=GHI
    > then another Partner cookie gets appended to the querystring like this
    > Partner=DEF; ASPSESSIONIDSSAATSAT=LFFBLJKABHFOLLGDOCGOCKOI; PArtner=GHI
    >
    > which gives two cookies with the same name (except for capitalisation).
    >
    > Eifion
    >
    > <%
    > strSource = Request.QueryString("Partner")
    > Response.Cookies("Partner") = strSource
    > %>
    > <Html>
    > <Head>
    > <Title></Title>
    > </Head>
    > <Body>
    > <script type="text/javascript">
    > document.write(document.cookie);
    > </script>
    > </Body>
    > </Html>
    >
    >
     
    Ray at, Nov 12, 2003
    #4
  5. Eifion

    Eifion Guest

    Nothing. The problem is that VBScript seems to get confused when reading
    the cookies back on the server and sometimes gets the 'wrong' one when I
    do a Request.Cookies("PartnerID"), ignoring the most recently set
    partner cookie and choosing an earlier one.

    Eifion

    Ray at <%=sLocation%> wrote:
    > Although I never thought about if this would carry through to such code,
    > javascript is a case sensitive language. What are you doing with that
    > client side cookie code anyway?
    >
     
    Eifion, Nov 12, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ALPO
    Replies:
    1
    Views:
    356
    Steve C. Orr [MVP, MCSD]
    Nov 15, 2003
  2. Anthony

    URL rewriting and querystrings

    Anthony, Oct 26, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    418
    Scott Allen
    Oct 26, 2004
  3. =?Utf-8?B?Sm9obiBIb3BwZXI=?=

    streams and querystrings

    =?Utf-8?B?Sm9obiBIb3BwZXI=?=, Jan 21, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    415
    =?Utf-8?B?Sm9obiBIb3BwZXI=?=
    Jan 21, 2005
  4. Replies:
    11
    Views:
    721
    Danny Tuppeny
    Oct 29, 2005
  5. _Who
    Replies:
    7
    Views:
    2,685
Loading...

Share This Page