Updating ASP cookie from ASP.NET (vice versa)

You might encounter a case where updating an ASP (classic/3.0) cookie from ASP.NET code (or vice versa) doesn't work. That is, despite updating the cookie value, the old value still remains.

I was working on having an ASP page communicate some information to an ASP.NET (2.0) page and vice versa, and since the information was not that critical/confidential, a cookie would do (** for critical information, it is usually done using a common datastore/database or session, though that is not secure; I will not discuss it here for now). I expected it to be seamless since they're accessing the same set of cookies after all. However, to my surprise, it was acting weird.

After a review of some code, when I was certain that each of them updates the cookie correctly, it was time to bring up Fiddler (or any cookie viewer), and that's when I started getting more clues.

To illustrate better, I came up with the following simple ASP and ASP.NET pages:

<!-- start of ASP code (VBScript) -->

<html>
<body>
    <%

    Response.Write("Old Value = " & Request.Cookies("a"))
   
    dim newValue
    newValue = "Classic"
    Response.Cookies("a") = newValue
    Response.Write("<br/>")
    Response.Write("Attempted New Value = " & newValue)

    %>
    <br />
    <br />
    <a href="Default.aspx">ASP.NET Page</a>
</body>
</html>

<!-- end of ASP code -->

<!-- start of ASPX markup -->

<%@ Page AutoEventWireup="true" Codebehind="Default.aspx.cs" Inherits="ASPCookieASPNETCookie._Default"
    Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
        <a href="Default.asp">Classic ASP Page</a>
    </form>
</body>
</html>

<!-- end of ASPX markup -->

And the codebehind (C#):

    using System;

    namespace ASPCookieASPNETCookie
    {
        public partial class _Default : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e)
            {
                // Show the value of cookie "a" as received in this request (empty if absent).
                Response.Write("Old Value = " + (Request.Cookies["a"] != null ? Request.Cookies["a"].Value : ""));

                // Set cookie "a" in the response; no Path is specified here.
                string newValue = "DotNet";
                Response.Cookies["a"].Value = newValue;
                Response.Write("<br/>");
                Response.Write("Attempted New Value = " + newValue);
            }
        }
    }

 

So as you can see I'm trying to manipulate a cookie named "a". This is what appeared in Fiddler after loading the two pages one after the other.

Now that is two cookies with the same name. My initial reaction was that it shouldn't have been possible, but I trusted Fiddler enough, so I roamed around the web and finally got my answers, especially from here.

Despite belonging to the same domain, the uniqueness of the cookie is also affected by the cookie's Path property. That is, two cookies with the same name and from the same domain (or subdomain) can exist if they belong to different paths (application path).

So, to make a long story short, if you want to make the cookie updateable from both ASP and ASP.NET, the path has to be identical (and reasonable of course, not just some random path).

Either:

1. Add this to the ASP code : Response.Cookies("a").Path = "/"

2. Or add this to the ASP.NET code : Response.Cookies["a"].Path = "/<yourApplicationName>";

You can use Page.ResolveUrl("~") to determine the application name, but make sure to remove the trailing "/" in the resulting string (.NET 2.0 seems to add a trailing "/" but not .NET 1.1 if I remember well).

Or, of course, use the equivalents if you're not using VBScript/C#.

That's it and you're good.
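To see why the paths matter, here is a simplified model of a browser cookie jar, added as an illustration (it is not code from the original post or the sample project). It assumes, as the two fixes above imply, that the ASP page's cookie is stored under the application path and the ASP.NET page's cookie under "/"; "localhost" and "/AppName" are constructed sample values.

```javascript
// Simplified model of a browser cookie jar (storage and path-match rules of RFC 6265).
// Domain matching is reduced to string equality; all sample values are constructed.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends on a path-segment boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor() { this.store = []; }

  // A Set-Cookie replaces a stored cookie only if name, domain AND path all match.
  setCookie(domain, { name, value, path }) {
    const hit = this.store.find(
      c => c.name === name && c.domain === domain && c.path === path);
    if (hit) hit.value = value;
    else this.store.push({ name, value, domain, path });
  }

  // Build the Cookie request header: every matching cookie is sent,
  // longer paths first, so one name can appear more than once.
  cookieHeader(domain, requestPath) {
    return this.store
      .filter(c => c.domain === domain && pathMatches(c.path, requestPath))
      .sort((x, y) => y.path.length - x.path.length)
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Replays "load the ASP page, then the ASP.NET page" with the given cookie paths
// and returns the Cookie header the browser would send on the next ASP request.
function simulate(aspPath, aspNetPath) {
  const jar = new CookieJar();
  jar.setCookie("localhost", { name: "a", value: "Classic", path: aspPath });
  jar.setCookie("localhost", { name: "a", value: "DotNet", path: aspNetPath });
  return jar.cookieHeader("localhost", "/AppName/Default.asp");
}

console.log(simulate("/AppName", "/"));        // paths differ: two cookies named "a"
console.log(simulate("/", "/"));               // option 1: both pages use "/"
console.log(simulate("/AppName", "/AppName")); // option 2: both use the application path
```

Keep in mind that a cookie with Path "/" is sent to every application on the host, while one scoped to the application path is sent only to URLs under that path.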


Other Info:

1. Attached sample download project here : ASPCookieASPNETCookie.zip (5.33 kb) ** Note that this is a Web Application project that uses IIS as the web server (right click on Project –> Properties –> Web tab and set accordingly; see the attached screenshot too for more info: UseIISWebServer.gif (20.06 kb)). Also note that creating a virtual directory from the page would not automatically turn on Integrated Windows Authentication for the created virtual directory (it inherits from the website properties), and running F5 from Visual Studio would throw a dialog saying it should be enabled. To enable it, open IIS Manager –> site/virtual directory properties –> Directory Security tab –> Edit –> Check Integrated Windows Authentication.

2. Note that using IE7 and localhost will not register any traffic in Fiddler. The workaround is to use the machine name or add a "." after localhost (e.g. http://localhost./AppName/TestPage.aspx)* note the dot "." after localhost. You can do this by manually editing the URL/address bar of the browser or by setting it in the Web Properties page mentioned in item 1 above.