double cookies - same name - .Net bug?

D

DJones

I'm using the following code in my .Net application (.Net v1.1, Windows
2000) to write Session Cookies.


HttpContext.Current.Response.Cookies("cookieSession")("SessionID") =
strSessionID

HttpContext.Current.Response.Cookies("cookieSession")("Site_ID") =
strSite_ID

HttpContext.Current.Response.Cookies("cookieSession")("LanguageCode_ID")
= strLanguageCode_ID

HttpContext.Current.Response.Cookies("cookieSession")("ShipZip") =
strShipZip

HttpContext.Current.Response.Cookies("cookieSession")("blnLoadDynSide")
= blnLoadDynSide

HttpContext.Current.Response.Cookies("cookieSession")("blnProdView") =
blnProdView

HttpContext.Current.Response.Cookies("cookieSession")("blnHasCart") =
blnHasCart

HttpContext.Current.Response.Cookies("cookieSession")("CatalogCode_ID")
= strCatalogCode_ID

HttpContext.Current.Response.Cookies("cookieSession")("SegmentTypeCode_ID")
= strSegmentTypeCode_ID

HttpContext.Current.Response.Cookies("cookieSession").Expires =
DateTime.Now.AddDays(10)

Arbitrarily, in Internet Explorer, the cookie is written twice. This
causes major issues w/ my Ecommerce application.

Here's what the IIS log files look like. Notice the cookie with the
same name in there twice.

2005-07-18 16:36:07 172.191.129.192 - 192.168.71.201 443 GET
/Product/Product-CheckoutSummary.aspx - 200 66080 1026 360 HTTP/1.1
www.mydomain.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
WEBTRENDS_ID=207.200.116.5-1678957136.29722584;+cookieSession=SessionID=b8bbf19a-8165-4510-98c2-d03ad9399720&Site_ID=1&LanguageCode_ID=360&ShipZip=&blnLoadDynSide=1&blnProdView=1&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0;+CP=null*;+WEBTRENDS_ID=207.200.116.6-1977234432.29722583;+cookieSession=SessionID=b8bbf19a-8165-4510-98c2-d03ad9399720&Site_ID=1&LanguageCode_ID=360&ShipZip=91364&blnLoadDynSide=1&blnProdView=1&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0;+CP=null*;+ASP.NET_SessionId=v4qore3eak3zrzjcirgqpkut
https://www.mydomain.com/Product/Product-CheckoutBilling.aspx


Anyone seen this before and fixed it. Newsgroups an KBs are not
helping me so far.
 
G

Guest

On your logs looks like there are 2 different IPs:
207.200.116.5
207.200.116.6

Could be one request going to the first IP the second going to the second IP
that's why 2 cookies are being sent with 2 diferent domain?

Just an idea, give me the set up of your IIS. THanks
AL
 
D

DJones

Domain name is pointed to 216.52.152.116. ISP has a redirect to
192.168.71.201.

The visitor to this site was an AOL person (The
207.200.116.5,207.200.116.6, and the logged IP of 172.191.129.192 are
all pointed to AOL.
), and AOL has multiple proxies. So, my webserver receives requests
from multiple sources. Hmmm... Shouldn't be this way.

Cookies are supposed to be domain name specific, I thought and
shouldn't write a cookie for each IP it comes in on.

I went back to this person's initial visit and they doubled up right
away, so now I'm even more perplexed. Here's their initial IIS record
from 5 days earlier (notice that it's doubled up too).

2005-07-13 18:26:30 207.200.116.65 - 192.168.71.201 80 GET
/Default.aspx - 200 29308 871 16 HTTP/1.1 www.littletikes.com
Mozilla/4.0+(compatible;+MSIE+6.0;+AOL+9.0;+Windows+NT+5.1)
WEBTRENDS_ID=207.200.116.6-1977234432.29722583;+ASP.NET_SessionId=u3ny4cerd5blwoaqvambta45;+cookieSession=SessionID=96b1863b-0a56-443f-b080-3d9479c2f252&Site_ID=1&LanguageCode_ID=360&ShipZip=&blnLoadDynSide=1&blnProdView=1&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0;+CP=null*;+WEBTRENDS_ID=207.200.116.5-1678957136.29722584;+ASP.NET_SessionId=wq01u4asvijqdt55to3bqkvy;+cookieSession=SessionID=b8bbf19a-8165-4510-98c2-d03ad9399720&Site_ID=1&LanguageCode_ID=360&ShipZip=&blnLoadDynSide=0&blnProdView=0&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0
-

I am going to disable my Webtrends ISAPI cookie. This may be one of
the root causes as well. Thanks for the help.
 
G

Guest

This is so weird, cookies should get attached to @domain.com not the IP.
However in your log shows 2 different IPs, Need to check my logs to get an
idea. I'll check back with you soon.

AL
 
D

DJones

Update...... I just found another example of a Non-AOL person. Here
are the log records for when it happens.

Log #1 - Person does a search on the site - cookie fine
===============================
2005-07-18 23:46:33 68.19.214.81 - 192.168.71.201 80 POST
/toys/Toys-List.aspx Page=1&ProductCategory_ID=45&Descripti
on=RIDE-ONS 200 60324 942 125 HTTP/1.1 www.littletikes.com
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.
1;+SV1;+.NET+CLR+1.1.4322)
WEBTRENDS_ID=68.19.214.81-3694346336.29723634;+ASP.NET_SessionId=1oxthp45xbawo
mvyttdmiy45;+cookieSession=SessionID=3ba50d6c-bc0d-467e-909e-00ebd3d3f87d&Site_ID=1&LanguageCode_ID=360
&ShipZip=&blnLoadDynSide=0&blnProdView=0&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0;+CP=null*
http://www.littletikes.com/


Log #2 - Person clicks product in the search - application writes
"1" to blnLoadDynSide in cookie array. As it will eventually turn out,
this writes a new cookie and leaves the old one intact.
===============================
2005-07-18 23:46:54 68.19.214.81 - 192.168.71.201 80 GET
/toys/Toys-Detail.aspx Product_ID=2323&D
escription=All-in+One%e2%84%a2+Wagon&ProductCategory=RIDE-ONS 200 42511
886 94 HTTP/1.1 www.littletikes.com
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
WEBTRENDS_ID=68.19.2
14.81-3694346336.29723634;+ASP.NET_SessionId=1oxthp45xbawomvyttdmiy45;+cookieSession=SessionID=
3ba50d6c-bc0d-467e-909e-00ebd3d3f87d&Site_ID=1&LanguageCode_ID=360&ShipZip=&blnLoadDynSide=0&bl
nProdView=0&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0;+CP=null*
http://www.littletikes
..com/toys/Toys-List.aspx?Page=1&ProductCategory_ID=45&Description=RIDE-ONS

Log #3 - Cookie doubles up after user hits back button and selects
Page 2 from original search
===============================
2005-07-18 23:47:29 68.19.214.81 - 192.168.71.201 80 GET
/toys/Toys-List.aspx ProductAgeRanges_ID=
&ProductCategory_ID=45&Description=RIDE-ONS&SortOrder=&Page=2 200 58673
1070 109 HTTP/1.1
www.littletikes.com
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)

WEBTRENDS_ID=68.19.214.81-3694346336.29723634;+ASP.NET_SessionId=1oxthp45xbawomvyttdmiy45;
+cookieSession=SessionID=3ba50d6c-bc0d-467e-909e-00ebd3d3f87d&Site_ID=1&LanguageCode_ID=360
&ShipZip=&blnLoadDynSide=0&blnProdView=0&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0;
+CP=null*;+cookieSession=SessionID=3ba50d6c-bc0d-467e-909e-00ebd3d3f87d&Site_ID=1&LanguageCode_ID=360
&ShipZip=&blnLoadDynSide=1&blnProdView=0&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0

http://www.littletikes.com/toys/Toys-List.aspx?Page=1&ProductCategory_ID=45&Description=RIDE-ONS


Man, I have a love/hate relationship w/ Microsoft and .Net. Who knows,
maybe it's IE doing the doubling up.
 
D

DJones

Another update.......Comcast person using 1 incoming IP
===========================================
2005-07-19 00:54:18 67.164.128.122 - 192.168.71.201 80 GET
/toys/Toys-Detail.aspx
Product_ID=2466&Description=8-in-1+Adjustable+Playground++&ProductCategory=%3cb%3e19+-+24+MONTHS+%3c%2fb%3e%26nbsp%3b
200 37610 1038 203 HTTP/1.1 www.littletikes.com
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322)
ASP.NET_SessionId=bccdnj3blq441u2lkz3vkbj0;+cookieSession=SessionID=fd17547d-dcb7-49ee-bd6f-70d8f4f9bea5&Site_ID=1&LanguageCode_ID=360&ShipZip=&blnLoadDynSide=0&blnProdView=0&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0;+CP=null*;+cookieSession=SessionID=fd17547d-dcb7-49ee-bd6f-70d8f4f9bea5&Site_ID=1&LanguageCode_ID=360&ShipZip=&blnLoadDynSide=1&blnProdView=0&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=0
http://www.littletikes.com/toys/Toy...ctAgeRanges_ID=384&Description=19+-+24+Months


Same scenario as above, writing the blnLoadDynSide in cookie array to
"1". Causes double up. Here's the code again:

HttpContext.Current.Response.C­ookies("cookieSession")("blnLo­adDynSide")

= blnLoadDynSide
HttpContext.Current.Response.C­ookies("cookieSession").Expire­s =
DateTime.Now.AddDays(10)
 
V

vMike

DJones said:
I'm using the following code in my .Net application (.Net v1.1, Windows
2000) to write Session Cookies.


HttpContext.Current.Response.Cookies("cookieSession")("SessionID") =
strSessionID

HttpContext.Current.Response.Cookies("cookieSession")("Site_ID") =
strSite_ID

HttpContext.Current.Response.Cookies("cookieSession")("LanguageCode_ID")
= strLanguageCode_ID

HttpContext.Current.Response.Cookies("cookieSession")("ShipZip") =
strShipZip

HttpContext.Current.Response.Cookies("cookieSession")("blnLoadDynSide")
= blnLoadDynSide

HttpContext.Current.Response.Cookies("cookieSession")("blnProdView") =
blnProdView

HttpContext.Current.Response.Cookies("cookieSession")("blnHasCart") =
blnHasCart

HttpContext.Current.Response.Cookies("cookieSession")("CatalogCode_ID")
= strCatalogCode_ID

HttpContext.Current.Response.Cookies("cookieSession")("SegmentTypeCode_ID")
= strSegmentTypeCode_ID

HttpContext.Current.Response.Cookies("cookieSession").Expires =
DateTime.Now.AddDays(10)

Arbitrarily, in Internet Explorer, the cookie is written twice. This
causes major issues w/ my Ecommerce application.

Here's what the IIS log files look like. Notice the cookie with the
same name in there twice.

2005-07-18 16:36:07 172.191.129.192 - 192.168.71.201 443 GET
/Product/Product-CheckoutSummary.aspx - 200 66080 1026 360 HTTP/1.1
www.mydomain.com Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
WEBTRENDS_ID=207.200.116.5-1678957136.29722584;+cookieSession=SessionID=b8bb
f19a-8165-4510-98c2-d03ad9399720&Site_ID=1&LanguageCode_ID=360&ShipZip=&blnL
oadDynSide=1&blnProdView=1&blnHasCart=0&CatalogCode_ID=0&SegmentTypeCode_ID=
0;+CP=null*;+WEBTRENDS_ID=207.200.116.6-1977234432.29722583;+cookieSession=S
essionID=b8bbf19a-8165-4510-98c2-d03ad9399720&Site_ID=1&LanguageCode_ID=360&
ShipZip=91364&blnLoadDynSide=1&blnProdView=1&blnHasCart=0&CatalogCode_ID=0&S
egmentTypeCode_ID=0;+CP=null*;+ASP.NET_SessionId=v4qore3eak3zrzjcirgqpkut
https://www.mydomain.com/Product/Product-CheckoutBilling.aspx


Anyone seen this before and fixed it. Newsgroups an KBs are not
helping me so far.
Click to expand...

I had a similar but somewhat different problem. I solved it by explicately
settting the .domain property of the cookie to mysite.com .
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Login / auth cookie problem after migrating to .NET 2.0 2
newbie - mechanize multiple cookies problem with form login 0

Members online

Total: 27 (members: 2, guests: 25)
Robots: 133

Forum statistics

Threads
473,787
Messages
2,569,627
Members
45,328
Latest member
66Teonna9

Latest Threads

Top