IE Does Not Set-Cookie With ASPSESSIONID When User Comes With JSESSIONID
I have code written in VBScript that accepts a POST submission from an external server to perform an auto-login to our website. I am experiencing an issue with Internet Explorer ONLY that I have determined using Fiddler.
The problem is that when I POST to this page, I need to set a few session variables that are passed on to the following page after logging in. But using fiddler, I have realized that for some reason, in IE, the "Set-cookie" statement in the headers is never acted on by the server. On all following pages the "set-cookie" header is sent on every page, but the ASP SESSION header is never set that indicates the session was started.
If I do the same test in Firefox, it works perfectly fine, no problem. So it seems IE is the issue.
One other fairly important piece of the problem appears to be that the external server that is initiating the POST submission is running Java, so when the user is on the external server their browser is maintaing a JSESSIONID value. But when they submit the POST form over to our server, the Set-Cookie directive is trying to set an ASPSESSIONID, which is never accepted by the browser...
So is it possible that for some reason IE is not able to handle a user coming from a JSESSIONID over to an ASPSESSIONID?
I need to somehow work around this, or somehow force the ASPSESSIONID to kick in, because it is critical that I can set session variables for use on later pages.
I am using the XMLHTTP object to request a page from within another ASP page. For my scenario, the two pages should operate in the same session. However, when I request the second page, a new session is created. This makes sense since it is coming from a different client (the XMLHTTP object as opposed to my browser).
I've tried to pass the ASPSESSIONID cookie along with the XMLHTTP post, but every time I pass the valid cookie, the XMLHTTP request times out.
Has anyone experienced anything similar to this? Is what I am trying to accomplish even possible?
This is a question that has probably been answered before on the newsgroup but probably in fragments. This is what I would like to do, and I only have a very vague idea where to find the answer. Directions would be useful.
1. Users arrive at the site. If they are registered they log in. If not they sign up for registration.
2. The authentication information such as username and password are held in a db, for security reasons the password should not be passed in plain text.
3. When the user is logged in the session information should be held in a cookie so that if the user returns in a short period of time they will automatically be logged in. The cookie will also be used to personalise certain parts of the site.
We have an intranet which is personalized using a cookie which we set. I have an outside vendor who is developing an application which will live on a seperate server. Is there a way they can read the cookie which we set to log user into their application so that we can make it a seamless transition?
I can't seem to find again where this cookie is placed by IIS. Can someone quickly respond with its location. Thank you. Also, does anyone know if this system created cookie has the same attribute of SECURE as does a developer created cookie? I know it's read only but how can I secure it. I'm using 128 SSL in addition.
It was recently brought to my attention that a cookie that gets set for access to our intranet is being appended with ASPSESSIONIDSCBRRTTR followed by a long string of random characters and no one seems to know who or what is setting this.
Can anyone provide me with some insight? Is this an automatic ASP or IIS function or is it something to be concerned about?
How do you change the ASPSessionID during a web session? I have an ASP application in SSL. The first screen is a login screen, which requests user id and password. An ASPSessionID is assigned for this page. Once the user is authenticated by valid id/pwd, the second page starts the real applicaiton. I want to change the ASPSessionID to be different from the first login page, which was issued to an unauthenticated user. How do I do that in ASP?
When I set a cookie in global.asa in the sub session_onstart, even if I have "privacy" in IE 6.X set to "block all cookies" the cookie is still set, and I can get it on other pages.
I can't find an article that addresses this as a specific issue. Why does the browser get the cookie when it is set in the session_onstart event even when I have "block all cookies" set?
I have written an ASP.NET 2.0 application that uses Active Directory or ADAM to manage account users - the site has a page that allows people to create an account (much like any site). The page populates the AD with all the information and the user account but I am unable to enable the account. Microsoft has information on how to do that here --> http://msdn.microsoft.com/library/d...ting_a_user.asp (the sample is for Visual Basic) - and I am unable to complete the bottom portion of the script. Can some one point me in the right direction - or can you tell me how I can add a snippet of VBscript code to an ASP.NET page.
I am using the Active DS Type library - not sure why there are multiple ones (System.DirectoryServices) but it is rather confusing - I seem to accomplish one thing with one and another with the other (they did have trouble co-existing however). Anyway my script works very well but I am not able to access the properties required to enable the account.
Here is a simple version (no error checking) of the code.....
how to go about setting up an asp script or flash action script to take the input from a user of his/her username and password then send an email to the user with the information. I am able to do all of this but the problem is that the users pc is the one sending the email. I want the server to send the email instead.
The problem is that the code for "change_school.asp" takes the user right to "portal.asp". I checked the code of "change_school.asp" and it does indeed set a cookie value for "school", but for some reason "default.asp" is still finding the old cookie stored and then redirecting...any ideas guys?
'code for change_school.asp...clears the cookie "school" and redirects to page (default.asp) where user can select a new school <% Response.Cookies("school")= "" Response.Redirect "default.asp" %>
'code for default.asp which allows user to select a new school, and if the cookie "school" has some value then they are redirected. <% If request.cookies("school") <> "" then Response.Redirect "portal.asp" end if %>
On this website i am building it has password protection on certain pages. So i have a "login" portion on the right side of the page, that is shown on every page. When someone logs in is it possible to change that little section to just say Welcome so and so? Instead of having the username and password form with submit button?? Or is this something that requires some java to hide it?
Part II When someone logs in i want them to recieve a cookie, in that cookie i want it to contain the person's name (wich i want the to be put next to the "welcome back on part I), email address, and up to four other numerical values. (some people will have greater access to sections of the site depending on who they are)
Is is possible to grab this information from the SQL database and put in the cookie? If so can anyone please show me, point me in right direction, ect?
I'm using FrontPage Database results wizards to retrieve data from Access. I have a cookie containing a number I'd like to insert in a custom query. Whenever the page opens, I want the query to run using the value in the cookie. I haven't been able to figure out how to transfer the cookie value into something the FP webbot will accept in the query.
What i am trying to do is this: I want to make a cookie. If someone comes back to a page (say after an hour after they left)i want them to get a specific popup. If someone comes back after than hour I want them to get a different popup, telling them something different.
I'm going to go down this route of Cookie detection
<%
If Request.Querystring("Check") = "" Then
Session("cookietest") = "True"
Response.Redirect("cookietest.asp?Check=True")
Else
If Session("cookietest") Then
<!-- Execute code if enabled -->
Else
<!-- Execute code if disabled -->
End If
End If
%>
I’m a little worried, do you know how spiders work with regards to this sort of thing? My site gets some traffic due to it being spidered by the likes of google and I don’t want to loose that flow.
If I use this at the entry point of my site to redirect browsers with cookies turned off to a page telling them to turn them on will that stop the spiders?
im trieng to delete it before the expired time has comed anyway i am trieng to delete it by setting the cookie to ""
like so: Response.Cookies("name") = "";
but its not working but...i found out that if i dont set the path it is being deleted but i have to set the path because from some reason without it i have issues where the cookie is not found in some pages.
I have a problem with a Cookie in an ASP page. Without any apparent reason, one of the Cookies disappears, but the others are ok.
I'm at Page1, a link goes to Page2. Page2 redirects to Page3 and Page3 redirects to Page1. When I'm back to Page1, sometime, one of the cookies don't exist anymore... But the others are there! The disappeared Cookie isn't always the same, in the 18 Cookies that I have.
The environment is composed of 4 clustered servers. Page1 is SSL, but not Page2 and Page3.
I don't have more than 4KB (1.86KB to be more precise) of data and I don't have more that 20 Cookies on the same domain.
I want to retrieve the value of a cookie to make a form a little more user friendly (our intranet is configured to set a cookie for User First Name, Last Name and Email when they log in)
Unfortunately I can't figure out how to retrieve the value of the cookie. I've been trying:
<% Response.write Request.Cookies(UserLName) %>
But it gives me an error - I used Checky to make sure the cookies are there and they do exist:
When I run the ASP page for the first time, I find out, that the Cookie file name contains some several special characters such as %5F, which are encoded with a URLEncode function. So, I have the following string (after convert): ....
Is there a way to store an array of information in a cookie? ie. a user can have a "x" long list of a variable stored in a cookie, so when they return to the site this information can be retrieved.
I need to revisit cookie testing. On the home page and every product page I write a cookie. I do this because some users enter by direct links to product pages.
<% Response.Cookies("cookietest") = ("49") Response.Cookies("cookietest").Expires = Date + 2 %>
On the cart page I test for the cookie...
<% If Request.Cookies("cookietest") <"49" Then Response.Redirect("err.asp?e=1") End If %>
I have a user that insists he has cookies enabled, yet he keeps getting redirected to my error page which suggests he does not have cookies enabled. What could cause this? Is the above too simple for all circumstances?
Is there more extensive code that I could setup on a hidden page where I can send users to get read out on how they actually have their browsers setup? i.e. Run a test on their browser and the results are emailed to me.
I have an asp page where i created cookies-for admin and for user. The aspx page reads these cookies. Everything seems to work fine but now i have to create a new cookie if cookie has expired or if cookie is null. Also, i am having problems with the expire because if the username belongs to the admin for example and then i want to change the username that belongs to a normal user the cookie recognises the first (admin) cookie. How do i solve this? .....
if (request.cookies("example") <> "" response.redirect("login.asp") response.end end if
(I will try to explain as easy i can), so in the login.asp using a .mdb i get the username and check with the password, and putting the username in the cookie in this case called example, but using some cookie poisoning i can be anybody logged in, even sb out of the table of users, i didn't use the session object, i wanted to use a cookie because i got curiosity and i didn't understand what is the difference, and actually i don't understand so much...anyways i got 2 questions, how i do sth for protect the cookie for cookie poisoning and what is the difference between the session and the cookie (from the little what i know is that the session is a predefined cookie that has some encrypting stuff and that so on and got some properties, methods right? and the cookie is just a information holder without any extra stuff as the session object has, am i right?)
I have created code to create a cookie about a user when their login and when they tick a remember me box.
The problem is though the the data in the cookie is stored in plain text. Which means I can use firefox and it webdeveloper tool to look at the cookie and change the values.
My question is how do you encrpyt a cookie so it doesnt store the info in plain text?
well in session we got session.abandon and all the bad sessions gone... i need to delete cookies from users side, there is option for this in asp dot net but in classic asp how we can do it?
I've set my IE6.0 to prompt me for all cookies, which it does for all web pages I visit, but not for the above asp page which is hosted from IIS5.1 on my PC. I can see the cookie being created in my Cookies folder, but would like to be prompted first!