URGENT: Strange Cookie Problem! Production App is Failing!

T

Tony Archer

Gentlemen, your urgent help is needed in solving a STRANGE problem.

I have two servers a dev box, and a production box. On the dev box
everything works fine, in production it hoses:

One of the things a user can do is click a "Change region" link which takes
them to a map of the world. They can then select one of four regions.

When they select a region it takes them to a page which reads a variable and
then sets a cookie which is then referenced throughout the site.

like: cds.asp?r=0 (0,1,2,3 are the valid valies)

NOW I'm not asking you to debug code, as I am POSITIVE it has nothing to do
with that and here's why:

DEV BOX Running:
- Default FTP (All IPs)
- Default SMTP (All IPs)
- Default NNTP (All IPs)
- Default Web Server (IP-1:80)
- New Web Server (IP-2:80)
- New Web Server - Back Door (IP-1:88)
* IP-1 and IP-2 are assigned to the same network card, there is no second
NIC.

All three web servers are pointing at the same physical directory. (The
reason is irrelevant, but if you must know it's because we're using a
security ISAPI filter which screws up Front Page Extensions. SO the second
IP allows FP to connect and the back door allows a script to run)

If I hit the Default Web Server the cookies are updated and everything
changes fine.
If I hit "New Web Server - Back Door" or "New Web Server" the cookie appears
to get updated on the page doing the work (I checked by printing both the
variable and the request.cookie) but then is not for any other pages
referencing it.

My Production server is set up in much the same way.
 
T

Tony Archer

Nope. It's just one cookie being used. Called "CDSRegion"

Here is the code. But again. It works fine if I browse the site using the
default web server, but NOT if I hit the SAME files from a different IP or
port.

<% Response.Buffer = TRUE %>
<%
Dim sFullPageLink

CDS_Region = Request.QueryString("r")

IF CDS_Region = "" THEN
CDS_Region = Request.Cookies("CDSRegion")
ELSE
Response.Cookies("CDSRegion") = CDS_Region
Response.Cookies("CDSRegion").Expires = DateAdd("m", 1, Date)
END IF
%>

Other pages then try to:

CDS_Region = Request.Cookies("CDSRegion")
 
A

Aaron Bertrand - MVP

Nope. It's just one cookie being used.

What question are you answering here? I asked about MACHINES (e.g.
SERVERS), not cookies.

Did you investigate the other bullet points at http://www.aspfaq.com/2157?
If your code is correct, I'd be very surprised if this isn't being caused by
one (or more) of those reasons...
 
T

Tony Archer

None of the other possibilities in the article are true for me.

Any other ideas?
 
A

Aaron Bertrand - MVP

When you go from one site to the other, does the lower right icon change
from Trusted Sites to something else, or vice versa?

Does it all work using a downgraded browser, e.g. IE 5.0 or Netscape?

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
 
T

Tony Archer

Doh!

Answered the wrong question. No, the machine names have no underscores in
the names.

Just to be sure I don't miss any:

1.. Make sure cookies are enabled in your browser - session variables
require cookies.

*THEY ARE


2.. If you are using IE 6.0, the new privacy policy settings might be
biting you in the rear. You will need to read up on P3P, and discover how IE
is affected in KB #293222.

* HAPPENS REGARDLESS OF IE 5.5 or 6.0

3.. If you are using IE 5.5 or IE 6.0, and your local server name has an
underscore or other non-alphanumeric character (other than a dash) in the
name, then cookies will not work correctly. One workaround is to access the
machine by IP address; others include renaming the server or at least adding
an entry to the clients' hosts files, or alter your local DNS/WINS, or add a
new host header to the web server, with a more friendly name. For more info,
see KB #312461 and KB #316112.

*NO UNDERSCORES IN NAME


4.. Make sure you haven't disabled session state in Internet Services
Manager, and that it has an appropriate timeout value:

* IT IS ENABLED AND SET TO 20 (DEFAULT)


5.. Check that you aren't expecting to maintain session variables across:

* I AM NOT.

6.. If you are relying on session or application variables created in
global.asa, make sure that global.asa is in fact firing (see Article #2076).

* I AM NOT.


7.. If you are running McAfee, it may be scanning global.asa constantly,
and preventing your application from behaving consistently (see KB #303881)

*I AM NOT.

8.. Finally, check to see that you aren't manually disabling the user's
session, either by a coding/logic/database error, a misplaced <%@
ENABLESESSIONSTATE = False %> (which will affect a specific page), or an
errant session.timeout value (which will affect all pages).

*I AM NOT.
 
T

Tony Archer

No, it stays "Internet" the entire time, regardless.

Same issue using Opera to browse.

My personal feeling is that it has to do with how the path for the cookie is
being stored. My bet is that IIS is for some reason sending the default web
server as the path and then when it comes time to read the cookie it cannot
find it under the name it is looking for.

--Tony
 
A

Aaron Bertrand - MVP

Maybe I've been asking the wrong questions. I was assuming that the same
code, on each server, was behaving differently, depending on the server.

Now, it's my impression that you are setting a cookie on IP-1, and expecting
to read it on IP-2, or IP-1:different port #?
 
T

Tony Archer

Nope. Your first was correct.

If I hit the code on IP-1 I expect to see it on IP-1

If I hit the code on IP-2 I expect to see it on IP-2

The code sets the cookie when you hit it 1st and then reads it thereafter.
I am not changing IPs or ports half way through the site. If you come in on
IP-1:80 then you stay there, if you come in on IP-1:88 then you stay there,
if you come in on IP-2:80 then you stay there.

(otherwise my answer to question 5 would have to be "Oops, there's the
problem," but it isn't :p)

I also realize that you are used to dealing with people who usually aren't
.... well ... thorough. But I am :)

I based my conclusion below on this article:
http://support.microsoft.com/?id=324337

Although it doesn't seem to match exactly the problem I'm having. Also,
trying their code of:

Response.Cookies("TestCookie").Path = "/"

Didn't solve anything either :(
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,743
Messages
2,569,477
Members
44,898
Latest member
BlairH7607

Latest Threads

Top