The JonShaft Cookie Tutorial
This Cookie tutorial is designed for anyone interested in learning how to control a cookie with ASP.
Original Author: Glenn Cook
Code
Important Update: <% <HTML> Welcome Back, <%Response.Write Then I tell the cookie when I also extract the name of Finally, don't forget to
ASP Trencher, Bryant L. from Baarns
Consulting, sent me an e-mail recently telling me that IIS4.0 machines
using ASP2.0 do not need the leading "." for defining the domain
variable for the cookie, and it works with IE and Netscape! I tested this
out on a local machine of my own and sure enough, it worked perfectly. I
haven't updated the cookie-code you'll see below to reflect that because not
everyone is using that exact configuration, but as ASP and IIS improve so will
these little headaches. Thanks, Bryant.
How it Works:
Green = Server-side ASP code
Purple= HTML Code
Black= Visible HTML Text
Red= My Comments
If Request.Cookies("JonShaft").HasKeys Then %>
<HEAD>
<TITLE>A Jon Shaft Cookie. It's cheesy!</TITLE>
</HEAD>
'
This is my " if then" where I find out if the user
already has the JonShaft Cookie on their system. The HasKeys
attribute is real handy for checking cookies which have multiple values
associated with them- those values are referred to as Keys by ASP.
This cookie says, if they've got the cookie, execute the next statement.
(Request.Cookies("JonShaft")("FirstName"))%> 
<%Response.Write(Request.Cookies("JonShaft")("LastName"))%>!
'This
line basically says, "OK, they've got the cookie, let's Request the
cookie's keys/info and write them to the page." The Response
Object allows me to spit information to the user, the Request Object
allows me to extract it from the user. Basically what we've done
is said, "Check for cookie(Request), extract cookie(Request), write
cookie to page(Response)"
**The   tells HTML to enter a space**
<%
Else If "BadMutha" = Request("ActionType") Then
TheFirstName=Request("FirstName")
TheLastName=Request("LastName")
'The
"Else in the first line says,"Ok, the "If-Then"
wasn't true....But there's more ahead!"
'This section is for the form
input and it creates the cookie. You see, this single page of code
serves three functions: It's for people who've been here before, people
who haven't, and it makes a cookie for the people based on their form
input. You'll notice that just after the FORM METHOD html I have
some ASP code which actually asks for it's own name so it can post to
itself!
The "If-Then" statement checks to see if the user
sent a form with the name "ActionType" which has the value
equal to "BadMutha"!
It also makes two variables based on the user input to
stick into the JonShaft cookie. I call the variables TheFirstName
and TheLastName appropriately.
Response.Cookies("JonShaft")("FirstName")
= TheFirstName
Response.Cookies("JonShaft")("LastName") =
TheLastName
Response.Cookies("JonShaft").Expires = #September 3,
2001#
Response.Cookies("JonShaft").Domain= &_ ".www.activeserverpages.com"
Response.Cookies("JonShaft").Path = "/glenncook"
Response.Write "Thanks for your submission, "
Response.Write(Request("FirstName"))%>!
'The
Response Object is your cookie writing friend! This code actually writes
the cookie to the client's system. You'll notice that I make the
The FirstName key equal to the "TheFirstName" variable which I
extracted from the Request("FirstName") Querystring from the
input form.(Whoooo! That was a mouthful!)
to expire, the domain that it should be sent to, and the path within the
domain. But the secret recipe is that little period in the
domain=".www.activeserverpages.com" Actually without
that little period, no cookie! Charles Carol helped me on this
little issue which drove me nuts. MAKE SURE THE DOT IS THERE!
Also make sure the path is EXACTLY as I wrote it.
<%Else%>
'The
"Else" code here basically says," Ok, they don't have the
cookie and they didn't send any form information, send them the
following code!
<FORM
METHOD=POST ACTION="<%=Request.ServerVariables("SCRIPT_NAME")%>">
<input type="hidden" name="ActionType"
value="BadMutha">
You must be new around here. Gimme your name?!<p>
FIRST NAME:<input type="text"
name="FirstName" size="15"><br>
LAST NAME: <input type="text"
name="LastName" size="15"><p>
<input type="reset" value="Clear
Form">
<input TYPE="submit" VALUE="Submit Info!">
<%End If%>
<%End If%>
</BODY>
</HTML>
'This
section is your HTML input form for the new visitor! You'll notice
that I stuck a hidden input box in there. Well basically
that's so I can get "Bad Mutha" as the Action Type but is very
effective for passing stuff that the user doesn't need to see.
this asp page -which I mentioned above- using the
Request.ServerVariables object. Remember: If you need some
information in ASP pages, just "Request" it.
End your If!
Some
tips and suggestions!
things I've seen cookies used for is with Human Resource type
applications where the basic user information is stored as a cookie.
That way everytime they go to access a form to make changes they
don't have to re-type the form input information. Remember, DO
NOT store sensitive information in a cookie.
any cookie information back to an existing cookie you need to update
all of the cooky's information (e.g. "path",
"domain", "expiration date" etc.)
might be useful for "extra" authentication, it should
never be used for secure authentication purposes. Check out Kevin
Flicks site for some great info on authentication methods and
security considerations.
Internet Explorer likes the domain info like ".www.domain.com"
where Netscape likes it like ".domain.com". (My
cookie is written for Explorer.)
Any little mistake will have you pulling your hair out for hours.
Loading Comments ...
Comments
No comments have been added for this post.
You must be logged in to make a comment.