CODEWITHSUNDEEP
asp.netc#-4.0cookiesashx
xoail
xoail

Reputation: 3064

cookie persistence in ashx calls

siteA.com calls sitecookie.com/cookies.ashx and sets a cookie "cookiename" for sitecookie.com domain. Same browser, same window, new tab, siteB.com calls sitecookie.com/cookies.ashx and tries to get the same cookie "cookiename" (again for sitecookie.com domain) but is null.

cookies.ashx implements IHttpHandler, IReadOnlySessionState and conformsTo [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]

So the question is, why is it null and can we retrieve it?

This is how i make requests from siteA and siteB:

 WebClient fs = new WebClient();
            var data = fs.DownloadData("http://sitecookie.com/cookies.ashx");
            var tostring = System.Text.Encoding.ASCII.GetString(data);
            return tostring;

This is how i read cookie in cookies.ashx the return value is a string.

 var cookie = context.Request.Cookies["cookiename"];
            if (cookie != null) return cookie.Value;
            return "false";

This is how i write cookie in cookies.ashx

HttpCookie cookie = new HttpCookie("sso");
            cookie.Value = context.Request.QueryString["token"];
            cookie.Expires = DateTime.Now.AddDays(1);
            context.Response.AppendCookie(cookie);
            return "true";

Upvotes: 0

Views: 1500

Answers (2)

Richard Hammond
Richard Hammond

Reputation: 107

Your answer is correct but it IS possible to retrieve cookies between subsequent .ashx calls. You need your .ashx file to 'retrieve' the cookies from a file or from a database record (I communicate with my database via a named pipe to achieve this) at the start of your .ashx file code, and 'store' them into the same file or in the same database record at the end of your .ashx file code.

Don't forget to record these essential components of your cookie: Name, Value, Domain, HttpOnly, Secure and Path and regenerate the cookies with these components set correctly or else nothing will work! But - if you do it correctly you CAN 'fool' your remote server - which possibly creates the cookies in the first place - to see no difference in your .ashx file code invocations when you communicate with it (using Http?) and passing its own cookies back and forth in a cookie container. Good luck ..

Upvotes: 0

xoail
xoail

Reputation: 3064

It turns out this is not possible since every call to http://sitecookie.com/cookies.ashx is treated as a new request and asp.net will initiate a new sessionId. The only way to persists is by storing the sessionid and passing it along on each subsequent requests. For me that solution wont work since I have many clients calling the service and I will not be able to pass sessionid between those clients.

Upvotes: 1

Related Questions