CODEWITHSUNDEEP
asp.netcookiesasp-classic
Schotime
Schotime

Reputation: 15977

Cookie path being rewritten

Does anyone know why when I run a classic asp site and asp.net MVC side by side, that when I create cookies in classic asp, then .net integrated pipeline, adds path="/" to the end of each of them, hence creating duplicates.

eg. If I create two cookies with a path of "/test" then when I run this classic asp page, 2 extra cookies get created with path="/".

The raw headers look like so.

test1=aaa; path=/test
test2=bbb; path=/test 
test1=aaa; path=/test; path=/ 
test2=bbb; path=/test; path=/

however I only ever created a test1 and test2 cookie with the path set to /test.

If turn off integrated pipeline, I only get the two cookies with the correct path. If any further info is need please let me know.

Update: It seems that when classic asp writes the cookie, it puts everything into the value including the path, so when .NET reads the cookies it puts the whole lot into the value and then sets the path as '/' as the default. This seems to only be a problem when you access the cookies in the same request they were written. If you don't inspect the Response.Cookies or Request.Cookies this doesn't seem to happen. I believe this to be a bug, however I'm not sure what with.

Update2: I am setting the cookies like this in Classic Asp:

Response.AddHeader("Set-Cookie", "test1=aaa; path=/test; HttpOnly;");

Upvotes: 4

Views: 2567

Answers (3)

bastos.sergio
bastos.sergio

Reputation: 6764

Have you tried:

Response.AddHeader("Set-Cookie", "test1=aaa; path=\"/test\"; HttpOnly;");

Upvotes: 0

gpinkas
gpinkas

Reputation: 2591

Just a wild guess, but maybe the whitespace is a problem. Did you try to use the normal Response.Cookies infrastructure (see msdn)?

Response.Cookies("Type") = "Chocolate Chip" 
Response.Cookies("Type").Expires = "July 31, 2001" 
Response.Cookies("Type").Path = "/"

To enable the HttpOnly option would be a problem, if this is mandatory for you (see Setting HTTPONLY for Classic Asp Session Cookie).

Upvotes: 1

Chris
Chris

Reputation: 2952

Are you sure that's your exact code, as classic ASP does not require the brackets or the semi-colon at the end, I'm wondering if you have On Error Resume Next set, which would skip over the line and be throwing you a herring of the red variety; you could give this a try:

Response.AddHeader "Set-Cookie", "test1=aaa; path=/test; HttpOnly"

Just a thought, classic asp is an unusual creature sometimes.

Or do you need a trailing slash? ( i haven't access to a dev environment to test right now

Response.AddHeader "Set-Cookie", "test1=aaa; path=/test/; HttpOnly"

Upvotes: 0

Related Questions