Cookie Detection Problem - Microsoft IIS Web Server and ASP.NET forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Cookie Detection Problem

MacPhisto

4:27 am on Sep 2, 2002 (gmt 0)

10+ Year Member

I have a problem relating to detecting whether a browser has enabled cookies or not. The code I am using is rather simple, I set a test cookie, send it to the browser, and then detect whether the browser has retained the cookie in the HTTP header on the next trip to the server.

So I basically did the following:

(on the first page i set a cookie)
Response.Cookie("TestCookie") = "IsSet"

(and then on the following page I test whether the cookie was retained in the HTTP header)

If Request.Cookie("TestCookie") = "IsSet" Then
Response.Write("Cookies are enabled")
Else
Response.Write("Cookies are not enabled")
End If

The problem I am having is when I block all cookies in IE6, the cookie is still retained in the HTTP header, therefore the cookie is not disabled after all. I hope someone can help, I'm not an expert on this area to really know how to fix this problem. Another thing too is that this little test site is running on my localhost. I'm not sure whether this is an issue but I thought I would mention it.

Thanks for your assistance.

Xoc

9:25 am on Sep 2, 2002 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

What do you mean by "The problem I am having is when I block all cookies in IE6, the cookie is still retained in the HTTP header"?

The cookie is still going to be sent down whether you have cookies on or off in IE. If cookies are off, though, the cookie shouldn't be stored. I don't know if an existing cookie from before you turned off cookies will be transmitted or not.

Everyman

5:31 pm on Sep 2, 2002 (gmt 0)

Session cookie: A cookie is set without an expiration date, and remains in the browser's memory but is not written to disk when the browser exits.

Persistent cookie: A cookie is set with an expiration date. It is immediately available in memory, and is also written to disk when the browser exits. The next time the browser is loaded, it is placed into memory if the expiration date has not been exceeded.

With each browser that has cookie option settings, you have to experiment with what any particular "blocking cookies" option may mean. I suspect that there is wide variation among browsers.

1. A given block may or may not affect session cookies, both sending and receiving.

2. A given block may or may not affect the availability of unexpired stored cookies that were present before the block was enabled. It's possible that a block is only a block on accepting new persistent cookies.

If you are writing server-side code to delete a cookie that the server has previously set, you should do two things to overwrite the browser's cookie: 1) Set a new cookie with the same Name=Value pair, but leave the Value blank (this kills the cookie in the browser's memory); and 2) Set an expiration date that is a few months ago. Do not go back to 1970 for your expiration date, as some browsers don't do time calculations properly this far back, and might get confused.