473,898 Members | 2,804 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Response.Cookie s bug

Hi...

I've come across some weird bug with Response.Cookie s. Or maybe it will be
called "by design" but for the life of me I can't figure out what purpose it
would serve. If you're setting a cookie (say Response.Cookie s ("TEST")) and
you have a query string variable &test=x or &Test=x and you get
Request.QuerySt ring to parse the query string, the cookie that gets dropped
matches the case of the query string, not what your code says. In other
words even though the code says Response.Cookie s ("TEST"), it drops
Response.Cookie s ("test") instead.

Anyone have any idea what's going on here? There's an example below. Try
it with http://127.0.0.1/cookieTest.asp?test=x and without the query string
variable.

<%@Language=Jsc ript Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>

Thanks
_mark
Jul 22 '05 #1
6 3064
2 problems.

Your question does not make any sense to me.
Your example page does not display anything.

Please restate the problem as clearly as possible with examples of the what
you expect to see that you are not seeing happen.

If possible, provide a sample page that displays the difference.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:19******** *************** ***********@mic rosoft.com...
Hi...

I've come across some weird bug with Response.Cookie s. Or maybe it will be called "by design" but for the life of me I can't figure out what purpose it would serve. If you're setting a cookie (say Response.Cookie s ("TEST")) and you have a query string variable &test=x or &Test=x and you get
Request.QuerySt ring to parse the query string, the cookie that gets dropped matches the case of the query string, not what your code says. In other
words even though the code says Response.Cookie s ("TEST"), it drops
Response.Cookie s ("test") instead.

Anyone have any idea what's going on here? There's an example below. Try
it with http://127.0.0.1/cookieTest.asp?test=x and without the query string variable.

<%@Language=Jsc ript Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>

Thanks
_mark

Jul 22 '05 #2
Sorry... The point is to look at the cookie-setting that is done in the
response. Adding a lot of code to dump out the current cookie state I
thought would gum up the example.

The main point is that given the code below, one would expect *always* to see

Set-Cookie: TEST=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT; path=/

as a header response for this page, since the name and case of the cookie is
a hard-coded literal value in the code. The bug in IIS is that if you have,
say, &test=x on your query string, IIS returns

Set-Cookie: test=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT; path=/

as the cookie setting (notice the case difference).

This is a problem because when you look for Request.Cookies on subsequent
page views, those *are* case sensative, so the fact that you're not setting
the cookie you think you are can cause a lot of problems.

The response header case-insensativity problem only seems to occur
a) when there a querystring variable exists with some other representation
of the name and
b) when the code uses Request.QuerySt ring ("var") to get the Request object
to parse the query string. Note that you don't even have to be looking for
the variable (sort of) sharing the cookie name; anything to get Request to
parse the query string into a collection.

If you leave &test=x off of the url or if you take out the
var x = Request.QuerySt ring ("dummy");
line, you get the first, correct cookie header as a response.

Thanks
_mark
"Mark Schupp" wrote:
2 problems.

Your question does not make any sense to me.
Your example page does not display anything.

Please restate the problem as clearly as possible with examples of the what
you expect to see that you are not seeing happen.

If possible, provide a sample page that displays the difference.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:19******** *************** ***********@mic rosoft.com...
Hi...

I've come across some weird bug with Response.Cookie s. Or maybe it will

be
called "by design" but for the life of me I can't figure out what purpose

it
would serve. If you're setting a cookie (say Response.Cookie s ("TEST"))

and
you have a query string variable &test=x or &Test=x and you get
Request.QuerySt ring to parse the query string, the cookie that gets

dropped
matches the case of the query string, not what your code says. In other
words even though the code says Response.Cookie s ("TEST"), it drops
Response.Cookie s ("test") instead.

Anyone have any idea what's going on here? There's an example below. Try
it with http://127.0.0.1/cookieTest.asp?test=x and without the query

string
variable.

<%@Language=Jsc ript Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>

Thanks
_mark


Jul 22 '05 #3
possibly I am missing something (I'm not all that knowledgable about
cookies) but the cookie collection does not appear to be case-sensitive.

Running the below code gives the same value for "TEST" as for "test" on the
second request (all cookies were deleted first).

%@Language=Jscr ipt Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

Response.Write( "TEST cookie:" + Request.Cookies ("TEST") + "<br>" );
Response.Write( "test cookie:" + Request.Cookies ("test") + "<br>" );

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>
--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:C1******** *************** ***********@mic rosoft.com...
Sorry... The point is to look at the cookie-setting that is done in the
response. Adding a lot of code to dump out the current cookie state I
thought would gum up the example.

The main point is that given the code below, one would expect *always* to see
Set-Cookie: TEST=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT; path=/
as a header response for this page, since the name and case of the cookie is a hard-coded literal value in the code. The bug in IIS is that if you have, say, &test=x on your query string, IIS returns

Set-Cookie: test=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT; path=/
as the cookie setting (notice the case difference).

This is a problem because when you look for Request.Cookies on subsequent
page views, those *are* case sensative, so the fact that you're not setting the cookie you think you are can cause a lot of problems.

The response header case-insensativity problem only seems to occur
a) when there a querystring variable exists with some other representation
of the name and
b) when the code uses Request.QuerySt ring ("var") to get the Request object to parse the query string. Note that you don't even have to be looking for the variable (sort of) sharing the cookie name; anything to get Request to
parse the query string into a collection.

If you leave &test=x off of the url or if you take out the
var x = Request.QuerySt ring ("dummy");
line, you get the first, correct cookie header as a response.

Thanks
_mark
"Mark Schupp" wrote:
2 problems.

Your question does not make any sense to me.
Your example page does not display anything.

Please restate the problem as clearly as possible with examples of the what you expect to see that you are not seeing happen.

If possible, provide a sample page that displays the difference.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:19******** *************** ***********@mic rosoft.com...
Hi...

I've come across some weird bug with Response.Cookie s. Or maybe it will
be
called "by design" but for the life of me I can't figure out what
purpose it
would serve. If you're setting a cookie (say Response.Cookie s
("TEST")) and
you have a query string variable &test=x or &Test=x and you get
Request.QuerySt ring to parse the query string, the cookie that gets

dropped
matches the case of the query string, not what your code says. In

other words even though the code says Response.Cookie s ("TEST"), it drops
Response.Cookie s ("test") instead.

Anyone have any idea what's going on here? There's an example below. Try it with http://127.0.0.1/cookieTest.asp?test=x and without the query

string
variable.

<%@Language=Jsc ript Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>

Thanks
_mark


Jul 22 '05 #4
Hi Mark...

Okay, now this is getting a little weird. After seeing your post, I went to
www.w3c.org and read sections of rfc2965 about cookies, and it does say in
there that the names of the cookies are case-insensitive, so the fact that
IIS behaves inconsistently could be argued as not a bug, but then the bug
just moves to IE, which is treating the cookie names as case-*sensitive*.

I.e. If I get the first reported problem to happen (the name of the cookie
switches case), from then on, IE will pass up *both* versions of the cookie
and the upper case one seems to trump the lower case one when you go to look
for it. In other words, you can never find that lower case cookie in ASP
even though IE is sending both back up.

Further muddying the waters is that your modification (referencing
Request.Cookies ("TEST")) seems to undo whatever state in IIS gets the state
mixed up in the first place. If you're watching the headers returned from
the page with your modifications, the cookies in question *don't* switch case
on their names anymore. If you comment out those lines and just watch the
headers, IIS is messing with the case.

I made another small mod on your mod so that now it will set the cookie with
the querystring value, if any. Otherwise it sets it with the time of day.
Adding this on below. So in summary, it seems like IIS has a small bug that
MS might try to explain away as "acceptible inconsistency" and IE has a bug
in that it doesn't manage cookies of similar names properly.

<%@Language=Jsc ript Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

//Response.Write( "TEST cookie:" + Request.Cookies ("TEST") + "<br>" );
//Response.Write( "test cookie:" + Request.Cookies ("test") + "<br>" );

var x = Request.QuerySt ring ("test");
if (String (x) == "undefined" ) x = (new Date()).toStrin g();
Response.Cookie s("TEST") = x;
Response.Cookie s("TEST").Expir es = expDate;
%>
Thanks
-mark
"Mark Schupp" wrote:
possibly I am missing something (I'm not all that knowledgable about
cookies) but the cookie collection does not appear to be case-sensitive.

Running the below code gives the same value for "TEST" as for "test" on the
second request (all cookies were deleted first).

%@Language=Jscr ipt Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

Response.Write( "TEST cookie:" + Request.Cookies ("TEST") + "<br>" );
Response.Write( "test cookie:" + Request.Cookies ("test") + "<br>" );

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>
--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:C1******** *************** ***********@mic rosoft.com...
Sorry... The point is to look at the cookie-setting that is done in the
response. Adding a lot of code to dump out the current cookie state I
thought would gum up the example.

The main point is that given the code below, one would expect *always* to

see

Set-Cookie: TEST=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT;

path=/

as a header response for this page, since the name and case of the cookie

is
a hard-coded literal value in the code. The bug in IIS is that if you

have,
say, &test=x on your query string, IIS returns

Set-Cookie: test=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT;

path=/

as the cookie setting (notice the case difference).

This is a problem because when you look for Request.Cookies on subsequent
page views, those *are* case sensative, so the fact that you're not

setting
the cookie you think you are can cause a lot of problems.

The response header case-insensativity problem only seems to occur
a) when there a querystring variable exists with some other representation
of the name and
b) when the code uses Request.QuerySt ring ("var") to get the Request

object
to parse the query string. Note that you don't even have to be looking

for
the variable (sort of) sharing the cookie name; anything to get Request to
parse the query string into a collection.

If you leave &test=x off of the url or if you take out the
var x = Request.QuerySt ring ("dummy");
line, you get the first, correct cookie header as a response.

Thanks
_mark
"Mark Schupp" wrote:
2 problems.

Your question does not make any sense to me.
Your example page does not display anything.

Please restate the problem as clearly as possible with examples of the what you expect to see that you are not seeing happen.

If possible, provide a sample page that displays the difference.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:19******** *************** ***********@mic rosoft.com...
> Hi...
>
> I've come across some weird bug with Response.Cookie s. Or maybe it will be
> called "by design" but for the life of me I can't figure out what purpose it
> would serve. If you're setting a cookie (say Response.Cookie s ("TEST")) and
> you have a query string variable &test=x or &Test=x and you get
> Request.QuerySt ring to parse the query string, the cookie that gets
dropped
> matches the case of the query string, not what your code says. In other > words even though the code says Response.Cookie s ("TEST"), it drops
> Response.Cookie s ("test") instead.
>
> Anyone have any idea what's going on here? There's an example below. Try > it with http://127.0.0.1/cookieTest.asp?test=x and without the query
string
> variable.
>
> <%@Language=Jsc ript Enablesessionst ate=false%>
> <% var exp = new Date();
> exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
> var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
> exp.getUTCFullY ear()
>
> var x = Request.QuerySt ring ("dummy");
> Response.Cookie s("TEST") = "This is a test";
> Response.Cookie s("TEST").Expir es = expDate;
> %>
>
> Thanks
> _mark


Jul 22 '05 #5
Can you post a simple page that demonstrates the problem on the IE side?

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:E0******** *************** ***********@mic rosoft.com...
Hi Mark...

Okay, now this is getting a little weird. After seeing your post, I went to www.w3c.org and read sections of rfc2965 about cookies, and it does say in
there that the names of the cookies are case-insensitive, so the fact that
IIS behaves inconsistently could be argued as not a bug, but then the bug
just moves to IE, which is treating the cookie names as case-*sensitive*.

I.e. If I get the first reported problem to happen (the name of the cookie
switches case), from then on, IE will pass up *both* versions of the cookie and the upper case one seems to trump the lower case one when you go to look for it. In other words, you can never find that lower case cookie in ASP
even though IE is sending both back up.

Further muddying the waters is that your modification (referencing
Request.Cookies ("TEST")) seems to undo whatever state in IIS gets the state mixed up in the first place. If you're watching the headers returned from
the page with your modifications, the cookies in question *don't* switch case on their names anymore. If you comment out those lines and just watch the
headers, IIS is messing with the case.

I made another small mod on your mod so that now it will set the cookie with the querystring value, if any. Otherwise it sets it with the time of day.
Adding this on below. So in summary, it seems like IIS has a small bug that MS might try to explain away as "acceptible inconsistency" and IE has a bug in that it doesn't manage cookies of similar names properly.

<%@Language=Jsc ript Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

//Response.Write( "TEST cookie:" + Request.Cookies ("TEST") + "<br>" );
//Response.Write( "test cookie:" + Request.Cookies ("test") + "<br>" );

var x = Request.QuerySt ring ("test");
if (String (x) == "undefined" ) x = (new Date()).toStrin g();
Response.Cookie s("TEST") = x;
Response.Cookie s("TEST").Expir es = expDate;
%>
Thanks
-mark
"Mark Schupp" wrote:
possibly I am missing something (I'm not all that knowledgable about
cookies) but the cookie collection does not appear to be case-sensitive.

Running the below code gives the same value for "TEST" as for "test" on the second request (all cookies were deleted first).

%@Language=Jscr ipt Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

Response.Write( "TEST cookie:" + Request.Cookies ("TEST") + "<br>" );
Response.Write( "test cookie:" + Request.Cookies ("test") + "<br>" );

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>
--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:C1******** *************** ***********@mic rosoft.com...
Sorry... The point is to look at the cookie-setting that is done in the response. Adding a lot of code to dump out the current cookie state I
thought would gum up the example.

The main point is that given the code below, one would expect *always* to
see

Set-Cookie: TEST=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00
GMT; path=/

as a header response for this page, since the name and case of the
cookie is
a hard-coded literal value in the code. The bug in IIS is that if you

have,
say, &test=x on your query string, IIS returns

Set-Cookie: test=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00
GMT; path=/

as the cookie setting (notice the case difference).

This is a problem because when you look for Request.Cookies on
subsequent page views, those *are* case sensative, so the fact that you're not

setting
the cookie you think you are can cause a lot of problems.

The response header case-insensativity problem only seems to occur
a) when there a querystring variable exists with some other representation of the name and
b) when the code uses Request.QuerySt ring ("var") to get the Request

object
to parse the query string. Note that you don't even have to be looking for
the variable (sort of) sharing the cookie name; anything to get
Request to parse the query string into a collection.

If you leave &test=x off of the url or if you take out the
var x = Request.QuerySt ring ("dummy");
line, you get the first, correct cookie header as a response.

Thanks
_mark
"Mark Schupp" wrote:

> 2 problems.
>
> Your question does not make any sense to me.
> Your example page does not display anything.
>
> Please restate the problem as clearly as possible with examples of the what
> you expect to see that you are not seeing happen.
>
> If possible, provide a sample page that displays the difference.
>
> --
> Mark Schupp
> Head of Development
> Integrity eLearning
> www.ielearning.com
>
>
> "Mark" <mm******@nospa m.nospam> wrote in message
> news:19******** *************** ***********@mic rosoft.com...
> > Hi...
> >
> > I've come across some weird bug with Response.Cookie s. Or maybe
it will
> be
> > called "by design" but for the life of me I can't figure out what

purpose
> it
> > would serve. If you're setting a cookie (say Response.Cookie s

("TEST"))
> and
> > you have a query string variable &test=x or &Test=x and you get
> > Request.QuerySt ring to parse the query string, the cookie that
gets > dropped
> > matches the case of the query string, not what your code says. In

other
> > words even though the code says Response.Cookie s ("TEST"), it drops > > Response.Cookie s ("test") instead.
> >
> > Anyone have any idea what's going on here? There's an example below. Try
> > it with http://127.0.0.1/cookieTest.asp?test=x and without the

query > string
> > variable.
> >
> > <%@Language=Jsc ript Enablesessionst ate=false%>
> > <% var exp = new Date();
> > exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
> > var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" + > > exp.getUTCFullY ear()
> >
> > var x = Request.QuerySt ring ("dummy");
> > Response.Cookie s("TEST") = "This is a test";
> > Response.Cookie s("TEST").Expir es = expDate;
> > %>
> >
> > Thanks
> > _mark
>
>
>


Jul 22 '05 #6
Hi Mark...

Generally, I've been using proxytrace to watch the headers going back and
forth, demonstrating the problem. Otherwise, you could look at the cookies
files on your IE side to see it.

If you set a cookie "TEST" and a cookie "test" for the same host/ie instance
pair, you'll see that on the IE side, it's treating them case-sensitively -
i.e. you get two different cookies with two different values. If you go back
to that host, IE will present both cookies to IIS. As your example
demonstrated, IIS is treating the names case-insensitively (upper trumps
lower).

The nub is that either cookie names are supposed to be case-insensitive or
they're not. IIS is being pretty loose about case-sensitivity but it could
be argued the standard lets them be. IE is being strictly case sensitive in
the management of the cookies, which interacts with IIS in strange ways.

I'm writing it up and submitting it to the MS bug-report line now
(unfortunately our msdn subscription is in the process of being renewed, or I
just would have called them up).

Thanks
-mark
"Mark Schupp" wrote:
Can you post a simple page that demonstrates the problem on the IE side?

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:E0******** *************** ***********@mic rosoft.com...
Hi Mark...

Okay, now this is getting a little weird. After seeing your post, I went

to
www.w3c.org and read sections of rfc2965 about cookies, and it does say in
there that the names of the cookies are case-insensitive, so the fact that
IIS behaves inconsistently could be argued as not a bug, but then the bug
just moves to IE, which is treating the cookie names as case-*sensitive*.

I.e. If I get the first reported problem to happen (the name of the cookie
switches case), from then on, IE will pass up *both* versions of the

cookie
and the upper case one seems to trump the lower case one when you go to

look
for it. In other words, you can never find that lower case cookie in ASP
even though IE is sending both back up.

Further muddying the waters is that your modification (referencing
Request.Cookies ("TEST")) seems to undo whatever state in IIS gets the

state
mixed up in the first place. If you're watching the headers returned from
the page with your modifications, the cookies in question *don't* switch

case
on their names anymore. If you comment out those lines and just watch the
headers, IIS is messing with the case.

I made another small mod on your mod so that now it will set the cookie

with
the querystring value, if any. Otherwise it sets it with the time of day.
Adding this on below. So in summary, it seems like IIS has a small bug

that
MS might try to explain away as "acceptible inconsistency" and IE has a

bug
in that it doesn't manage cookies of similar names properly.

<%@Language=Jsc ript Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

//Response.Write( "TEST cookie:" + Request.Cookies ("TEST") + "<br>" );
//Response.Write( "test cookie:" + Request.Cookies ("test") + "<br>" );

var x = Request.QuerySt ring ("test");
if (String (x) == "undefined" ) x = (new Date()).toStrin g();
Response.Cookie s("TEST") = x;
Response.Cookie s("TEST").Expir es = expDate;
%>
Thanks
-mark
"Mark Schupp" wrote:
possibly I am missing something (I'm not all that knowledgable about
cookies) but the cookie collection does not appear to be case-sensitive.

Running the below code gives the same value for "TEST" as for "test" on the second request (all cookies were deleted first).

%@Language=Jscr ipt Enablesessionst ate=false%>
<% var exp = new Date();
exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" +
exp.getUTCFullY ear()

Response.Write( "TEST cookie:" + Request.Cookies ("TEST") + "<br>" );
Response.Write( "test cookie:" + Request.Cookies ("test") + "<br>" );

var x = Request.QuerySt ring ("dummy");
Response.Cookie s("TEST") = "This is a test";
Response.Cookie s("TEST").Expir es = expDate;
%>
--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Mark" <mm******@nospa m.nospam> wrote in message
news:C1******** *************** ***********@mic rosoft.com...
> Sorry... The point is to look at the cookie-setting that is done in the > response. Adding a lot of code to dump out the current cookie state I
> thought would gum up the example.
>
> The main point is that given the code below, one would expect *always* to see
>
> Set-Cookie: TEST=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT; path=/
>
> as a header response for this page, since the name and case of the cookie is
> a hard-coded literal value in the code. The bug in IIS is that if you
have,
> say, &test=x on your query string, IIS returns
>
> Set-Cookie: test=This+is+a+ test; expires=Wed, 28-Feb-2007 05:00:00 GMT; path=/
>
> as the cookie setting (notice the case difference).
>
> This is a problem because when you look for Request.Cookies on subsequent > page views, those *are* case sensative, so the fact that you're not
setting
> the cookie you think you are can cause a lot of problems.
>
> The response header case-insensativity problem only seems to occur
> a) when there a querystring variable exists with some other representation > of the name and
> b) when the code uses Request.QuerySt ring ("var") to get the Request
object
> to parse the query string. Note that you don't even have to be looking for
> the variable (sort of) sharing the cookie name; anything to get Request to > parse the query string into a collection.
>
> If you leave &test=x off of the url or if you take out the
> var x = Request.QuerySt ring ("dummy");
> line, you get the first, correct cookie header as a response.
>
> Thanks
> _mark
>
>
> "Mark Schupp" wrote:
>
> > 2 problems.
> >
> > Your question does not make any sense to me.
> > Your example page does not display anything.
> >
> > Please restate the problem as clearly as possible with examples of the what
> > you expect to see that you are not seeing happen.
> >
> > If possible, provide a sample page that displays the difference.
> >
> > --
> > Mark Schupp
> > Head of Development
> > Integrity eLearning
> > www.ielearning.com
> >
> >
> > "Mark" <mm******@nospa m.nospam> wrote in message
> > news:19******** *************** ***********@mic rosoft.com...
> > > Hi...
> > >
> > > I've come across some weird bug with Response.Cookie s. Or maybe it will
> > be
> > > called "by design" but for the life of me I can't figure out what
purpose
> > it
> > > would serve. If you're setting a cookie (say Response.Cookie s
("TEST"))
> > and
> > > you have a query string variable &test=x or &Test=x and you get
> > > Request.QuerySt ring to parse the query string, the cookie that gets > > dropped
> > > matches the case of the query string, not what your code says. In
other
> > > words even though the code says Response.Cookie s ("TEST"), it drops > > > Response.Cookie s ("test") instead.
> > >
> > > Anyone have any idea what's going on here? There's an example below. Try
> > > it with http://127.0.0.1/cookieTest.asp?test=x and without the query > > string
> > > variable.
> > >
> > > <%@Language=Jsc ript Enablesessionst ate=false%>
> > > <% var exp = new Date();
> > > exp.setTime(exp .getTime() + (2 * 365 * 24 * 60 * 60 * 1000))
> > > var expDate = (exp.getUTCMont h()+1) + "/" + exp.getUTCDate( ) + "/" + > > > exp.getUTCFullY ear()
> > >
> > > var x = Request.QuerySt ring ("dummy");
> > > Response.Cookie s("TEST") = "This is a test";
> > > Response.Cookie s("TEST").Expir es = expDate;
> > > %>
> > >
> > > Thanks
> > > _mark
> >
> >
> >


Jul 22 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
2663
by: Glen | last post by:
Hi, I am looking for a way to delete (expire) all the cookies that we've ever written to the user's machine. I have found several scripts, however I have come across one "gotcha." The scripts I have found all look something like this: response.buffer = "true" dim x
2
2490
by: Scott | last post by:
I would like to have my ASPX page call a function intended to make changes the the current Page.Response.Cookies. I had thought that to allow the function to modify the Cookies, I would have top pass the collection by REFERENCE. But I am getting "A property or indexer may not be passed as an out or ref parameter" Here is a simple example of what I am trying to do...
6
4333
by: Sam | last post by:
I have some issues with HTTP Headers and I was hoping for some pointers or references to good articles. Here is the problem. I have 6 .aspx pages, each page contains a common .ascx. This ascx serves two purposes, 1. it contains a tab strip with response.redirects to navigate to the other pages; 2. I authenticate the user by check to see if a cookie exists, if it doesn't I redirect to a login screen.
1
3591
by: Earl Teigrob | last post by:
When I write inline code on a aspx page using Page.Response.Cookies() to read a cookie, everything works fine, as in the following code. Dim x As Object = Request.Cookies("thing") If x Is Nothing Then CurrentValue.Text = "No Cookie Defined" Else CurrentValue.Text = Request.Cookies("thing").Value End If However, I wanted to move the code to a shared method so I do not have access to the instance Page class any more so I used the shared...
14
2984
by: tomer | last post by:
Clear DayHello, I have implemented a download manger in .NET that overrides Internet Explorer's bult-in download manager. I using HttpWebRequest/Response to download the files. All is working well except when I try to download an attachment file from a web-based mailbox. I've tried using credentials and saving the cookies, nothing helps.
1
11460
by: Alex Nitulescu | last post by:
I have the following very simple colde (while learning about cookies and session state): Private Sub cmdAddCookie_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdAddCookie.Click Dim strCookieName As String Dim objRandom As New Random() strCookieName = "MyCookie" & objRandom.Next(Integer.MaxValue).ToString
1
1636
by: Kevin Blount | last post by:
Background: My script is designed to only allow the downloading of a file if a cookie exists to say that someone is logged into my companies site. A colleague set up a test area the extension .EXE is associated with the aspnet_isapi.dll. This means that if anyone tries to access a .EXE file in this area, web.config is run and web.config contains the code: <authentication mode="Forms"> <forms name="myCookie2" loginUrl="login.aspx" />
4
11445
by: mike.biang | last post by:
I have an ASP page that is using an XMLHTTP object to request various pages from my server. I keep a single session throughout the XMLHTTP requests by bassing the ASPSESSIONID cookie through the XMLHTTP object. However, when the page requested through the XML object makes a <%Response.Redirect()%> call, a new session is created each time. Is this a flaw in the XMLHTTP Object? How can I force the session to remain the same after a...
10
1680
by: _Who | last post by:
Given Request.Cookies and Response.Cookies in asp.net is there any reason to ever use javascript or any other method to use cookies? Thanks
0
9993
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
10858
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10951
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10484
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
8036
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7188
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
6078
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4707
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4296
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.