Why Is Cookie Available In Request Immediately After Setting Using Response
Aug 4, 2010
In pageload, if you do Response.Cookies.Add(..., immediately in the next line, you can access that cookie via Request.Cookies(... I know that under the covers, the cookie is added to Request.Cookies by .net, but the original request never had that cookie.
If what I'm saying is correct, why is it this way? Shouldn't the cookie be available in the following request? Shouldn't the immediate access to Request.Cookies(... be null?
My web site is integrated into a client web site. Client web site reaches out to my site through an Xml request and I return Html embedded in an Xml response. Client site then displays the Html in an area on a page on their site. All is well so far...
Now, there is a link on the Html that does an HttpPost back to my site which causes a re-direct to another page on my site. i.e. [URL] -> HttpPost -> [URL]-> Response.Redirect("CookieTest.aspx"). Still, all is well. [URL]
All of the above can occur without authentication to mysite. Where I start running into problems is when CookieTest wants to do a FormsAuthentication.SetAuthCookie(). If I put a button on CookieTest that does FormsAuthentication.SetAuthCookie() and then Response.Redirect("SecurePage.aspx"), still under [URL], the SecurePage does not recognize the authentication because the auth cookie is not present.
1. Navigate straight to CookieTest.aspx
So I simplfied the problem into basic cookie set/read excercise and used the code below to test out cookie writing/reading ability. When I call the page directly from the browser I see that on initial load the response cookies are empty. Then on button click I see that the cookie is properly set in the response. Then on subsequent page refresh I see that the page load shows the request cookie.
2. Navigate to CookieTest.aspx in an HttpPost from [URL], as mentioned above.
Now on button click I see the cookie in the Response but do not see it come back in the Request of subsequent page refreshes, as if the client browser is rejecting cookies set by my server.
3. Navigate straight to CookieTest.aspx, then do the HttpPost from [URL]
In this case, since the cookie was set during a straight navigation to CookieTest.aspx, the cookie is present in the subsequent HttpPost/Redirect from [URL]. CookieTest.aspx has full access to the cookie and can even delete it.
4. Have CookieTest.aspx pop a new browser window simply sets the cookie and closes itself down.
Similar to #3, if the cookie is set through a popup window and then CookieTest is refreshed the cookie is present in the Request.
Notes:
The code does prove that the client browser accepts cookies.
When my page (CookieTest.aspx) is shown within the frame on the [URl] page, during any link back to my server, the Request.Url.Host shows my domain.
An external server sends incoming SMS messages converted to HTTP requests into my sometimes very time-consuming .aspx page. If no response is returned to the external server in 20 seconds, this is considered as an timeout and the same message is sent to my aspx page again (and maybe again....The optimal solution for me would be that the aspx page reads the incoming message (as an HTTP request to the aspx page), starts the processing of the message in another thread, and immediately renders response back to the external server. The external server has no interest in other stuff than the HTTP status (normally 200). When the processing of the message is completed this results in an entry into the log file of the application.
Is it at all possible to inject a request into IIS for a page, have IIS and ASP.Net handle it as normal, but get the response as html handed back to me programmatically?
Yes, I know that I could connect to port 80 using WebRequest and WebResponse, but that becomes difficult if you are accessing the IIS server from the same physical machine (loopback security controls et al).
Basically, I want to inject the request (eg for [URL]) between the points at which IIS would normally talk to the browser, and the point at which it would route it to the correct ASP.Net application, and get a response back from IIS between the points at which ASP.Net/IIS applies the httpfilters and hands the html back to the browser.
I'm predominantly working with IIS7 so if there is a solution that works just for IIS7 then thats not an issue.
I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.
However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing"Frustrating answer indeed... be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting?
I am trying to use a custom ITempDataProvider provider to store TempData in a browser's cookie instead of session state. However, everything works fine except that I am unable to remove the cookie from the Response stream after reading it. The code exexutes fine but the cookie won't go away.
Anything I have tried didn't work. Currenly I have following code to change asp.net session cookie expiration date and path, but asp doesn't want to listen to me. I sends same cookie in Set-Cookie header two times sometimes, sometimes it sends it's default cookie ignoring path and expiration date, sometimes it sends everything as expected, and sometimes it doesn't send Set-Cookie at all. What should I do.
My code in Global.asax
protected void Application_PreRequestHandlerExecute(Object sender, EventArgs e) { /// only apply session cookie persistence to requests requiring session information if (Context.Handler is IRequiresSessionState || Context.Handler is IReadOnlySessionState) { var sessionState = ConfigurationManager.GetSection("system.web/sessionState") as SessionStateSection; var cookieName = sessionState != null && !string.IsNullOrEmpty(sessionState.CookieName) ? sessionState.CookieName : "ASP.NET_SessionId"; var timeout = sessionState != null ? sessionState.Timeout : TimeSpan.FromMinutes(20); /// Ensure ASP.NET Session Cookies are accessible throughout the subdomains. if (Request.Cookies[cookieName] != null && Session != null && Session.SessionID != null) { Response.Cookies[cookieName].Value = Session.SessionID; Response.Cookies[cookieName].Path = Request.ApplicationPath; Response.Cookies[cookieName].Expires = DateTime.Now.Add(timeout); } } }
we're in the process of trying to speed up the performance of our website by serving static content from a cookieless domain. That seems to be going well, but I have a new question:
I know that it's "static content" that we're talking about when serving it from a cookieless domain, but we also have static content being served by ASPX pages, specifically images. For example:
I set up my 1.1 and 2.0 applications to run on the same website (in different app pools) But the application written in 2.0 code cannot read a cookie on the request coming from a different system.Similar code reads the cookie on the 1.1 website.If I deploy my 2.0 application on a different machine, the code works fine and gets the cookie. Here's the code:
IsNothing(Request.Cookies("HRWebSession"))
In 1.1 application the above returns false, and in 2.0 above returns true. On debugging and watching the value of response,cookies, I dont see the cookie. Since the same application works fine on another server, I am assuming there is some error in my setup. I am using IIS 6 on W2003 r2.
I want to allow admins to be logged in for longer than normal users. I don't see a hook for setting the cookie timeout programmatically or in a role-based way. Is this possible in ASP using Forms Authentication?
I'm implementing the session sharing structure from this link for an ASP classic site to begin the gradual conversion process to ASP.NET. I'm trying to extend the cookie expiration time so that users do not get signed out of the site when the session expires. At the place where the cookie is created in SessionPage.cs I've added the line in the CreateNewSessionCookie() method: cookie.Expires = DateTime.Now.AddDays(14);
Now this works fine, however, it only works if the user first visits an ASP.NET page, and then visits the ASP classic pages. It doesn't work if visiting an ASP classic page first (looking at the cookie through firefox confirms that different expiration values are given based on if I visit an ASP or ASP.NET page first.) I'm still a bit fuzzy on the mechanics behind this implementation as I don't have a complete understanding of session and cookie handling. However, I would have thought that the VB6 SessionMgr object is calling the SessionUtility DLL, and thus is using the same code to issue the cookie. I have re-registered the SessionUtility using gacutil, and re-exposed it using regasm. How else is the cookie being issued when a user accesses an ASP classic page? How can I change the expiration time?
I have deployed a Web application on IIS 6. I want to prevent my server from setting cookie on the client browser. I am using the following setting on the web.config file.
However, it looks like its creating a default cookie named ".ASPXAUTH" in the client machine. I dont want my application to create any sort of cookie.Is there anything specific I need to do in web.config?
When calling Response.Cookie.Add(new HttpCookie("MyCookie", "objValue")); where does the cookie saved? on Client Machine or Server Machine?
EDIT:if saved in Client Machine, how can I read it from javascript then? I tried this kind of script.
function getCookie(c_name) { var i, x, y, ARRcookies = document.cookie.split(";"); for (i = 0; i < ARRcookies.length; i++) { [code].....
I cannot get the cookie that I saved from code behind. When I look into the document.cookie object, it is just an empty string.
Scenario:On Page_Init() on code behind. I create a cookie using Response.Cookie.Add(new HttpCookie("MyCookie", "cookieValue"));. On Client side, I'm trying to read the cookie saved from code behind on page load using the snippet above, but it returns undefined
In order to support a legacy application that's in the field, I need my ASP.NET MVC app to return an empty response that also has a Content-Type. One of IIS, ASP.NET, or ASP.NET MVC is removing my Content-Type when I send back a null response. Is there any way around this? (While not requiring an empty response with a set Content-Type would obviously be the ideal solution, the clients are already out there, and many of them cannot be upgraded.)
EDIT: Since there was a request for code: I'm proxying the request from the new web application to the one that older clients rely on. To do this, I have a subclass of ActionResult, called LegacyResult, that you can simply return for those methods that need to be handled by the old software. This is the relevant part of its code:
public override void ExecuteResult(ControllerContext context) { using (var legacyResponse = GetLegacyResponse(context)) { var clientResponse = context.HttpContext.Response; clientResponse.Buffer = false; clientResponse.ContentType = legacyResponse.ContentType; /* Yes, I checked that legacyResponse.ContentType is never string.IsNullOrEmpty */ if (legacyResponse.ContentLength >= 0) clientResponse.AddHeader("Content-Length", legacyResponse.ContentLength.ToString()); var legacyInput = legacyResponse.GetResponseStream(); using (var clientOutput = clientResponse.OutputStream) { var rgb = new byte[32768]; cb; while ((cb = legacyInput.Read(rgb, 0, rgb.Length)) > 0) { clientOutput.Write(rgb, 0, cb); } clientOutput.Flush(); } } }
If legacyInput has data, then Content-Type is set appropriately. Otherwise, it's not. I can actually kluge the old backend to send an empty v. non-empty response for exactly the same request, and observe the difference in Fiddler.
EDIT 2: Poking around with Reflector reveals that, if headers have not been written at the time that HttpResponse.Flush is called, then Flush writes out the headers itself. The problem is that it only writes out a tiny subset of the headers. One of the missing ones is Content-Type. So it seems that, if I can force headers out to the stream, I can avoid this problem.
I need to I can make the web request to a webservice which take a XML argument. And is expected to return a Binary response. I am able to make the request but while recieving the response back I am unable to get the response in binary. When I read the response using streamreader see the header and some attached "HEBRISH" words probably binary but unable to sepreate it out. Please help in seprating out the binary the response data.
I'm developing a client of a webservice in C# with VS.NET 2008.And I would like view the xml response of my request to the web service. which i have call . Is it posible?
where i need to understand the Raw XML Request and Response send thru when an web service API is called.We are using a Third part web service i.e. we have reference a third party wsdl file in our application and using its APIs defined.For Authentication purpose we are using web service extension in Framework 2.0
I have a button that calls a click event to download a picture. In my click event I have some code to change my display as the Save dialog pops up. The issue I am having is that when the dialog comes up it stops the previous line of code from executing. How can I check to see that my code has executed before calling the function?
I am using an SMS Gateway to make my application receive SMSs. For this, the SMS Gateway sends a request to one of the pages in my application with the message as a querystring parameter. eg.[URL]. Now after my page gets invoked, I need to send an OK response to the SMS Gateway so that it doesn't keep retrying to send the same message to my application again and again. I cannot figure out how to send the OK response.
I am trying to the following to return xml response from an http request
Code: Try Dim id As String = Request.QueryString("id") Dim xmlOut As String = "" cn.ConnectionString = "Data Source=192.168.1.2;Initial Catalog=db;Persist Security Info=True;User ID=sa;Password=pass" dad = New SqlDataAdapter("select * from tbl where id = '" & id & "'", cn) ds.Clear()
[Code] ...
Is there some other way to do this without having to resort to writing the xml to a temp file on C drive and reading it again to display the output ?