Search Tools Links Login

The JonShaft Cookie Tutorial

This Cookie tutorial is designed for anyone interested in learning how to control a cookie with ASP.

Original Author: Glenn Cook


Important Update:

ASP Trencher, Bryant L. from Baarns
Consulting, sent me an e-mail recently telling me that  IIS4.0 machines
using ASP2.0 do not need the leading "." for defining the domain
variable for the cookie, and it works with IE and Netscape!  I tested this
out on a local machine of my own and sure enough, it worked perfectly.  I
haven't updated the cookie-code you'll see below to reflect that because not
everyone is using that exact configuration, but as ASP and IIS improve so will
these little headaches.  Thanks, Bryant.

How it Works:

Green = Server-side ASP code

Purple= HTML Code

Black= Visible HTML Text

Red= My Comments



    If Request.Cookies("JonShaft").HasKeys Then %>





A Jon Shaft Cookie. It's cheesy!</TITLE>





    This  is my " if then" where I find out if the user
    already has the JonShaft Cookie on their system.  The HasKeys
    attribute is real handy for checking cookies which have multiple values
    associated with them- those values are referred to as Keys by ASP. 
    This cookie says, if they've got the cookie, execute the next statement.





Welcome Back, <%Response.Write



    line basically says, "OK, they've got the cookie, let's Request the
    cookie's keys/info and write them to the page."  The Response
    Object allows me to spit information to the user, the Request Object
    allows me to extract it from the user.  Basically what we've done
    is said, "Check for cookie(Request), extract cookie(Request), write
    cookie to page(Response)"

**The &#32 tells HTML to enter a space**







    Else If "BadMutha" = Request("ActionType") Then


    "Else in the first line says,"Ok, the "If-Then"
    wasn't true....But there's more ahead!"

'This section is for the form
    input and it creates the cookie.  You see, this single page of code
    serves three functions: It's for people who've been here before, people
    who haven't, and it makes a cookie for the people based on their form
    input.  You'll notice that just after the FORM METHOD html I have
    some ASP code which actually asks for it's own name so it can post to

The "If-Then" statement checks to see if the user
    sent a form with the name "ActionType" which has the value
    equal to "BadMutha"!

It also makes two variables based on the user input to
    stick into the JonShaft cookie.  I call the variables TheFirstName
    and TheLastName appropriately.





    = TheFirstName

    Response.Cookies("JonShaft")("LastName") =

    Response.Cookies("JonShaft").Expires = #September 3,

    Response.Cookies("JonShaft").Domain=  &_ ""

    Response.Cookies("JonShaft").Path = "/glenncook"

    Response.Write "Thanks for your submission, "

    Response Object is your cookie writing friend! This code actually writes
    the cookie to the client's system.  You'll notice that I make the
    The FirstName key equal to the "TheFirstName" variable which I
    extracted from the Request("FirstName") Querystring from the
    input form.(Whoooo! That was a mouthful!)


Then I tell the cookie when
    to expire, the domain that it should be sent to, and the path within the
    domain.  But the secret recipe is that little period in the
    domain=""  Actually without
    that little period, no cookie!  Charles Carol helped me on this
    little issue which drove me nuts.   MAKE SURE THE DOT IS THERE!
    Also make sure the path is EXACTLY as I wrote it.



    "Else" code here basically says," Ok, they don't have the
    cookie and they didn't send any form information, send them the
    following code!




    <input type="hidden" name="ActionType"


    You must be new around here. Gimme your name?!<p>

    FIRST NAME:<input type="text"
    name="FirstName" size="15"><br>

    LAST NAME:&#32<input type="text"
    name="LastName" size="15"><p>


    <input type="reset" value="Clear

    <input TYPE="submit" VALUE="Submit Info!">

    <%End If%>

    <%End If%>



    section is your HTML input form for the new visitor!  You'll notice
    that I stuck a hidden input box in there.  Well basically 
    that's so I can get "Bad Mutha" as the Action Type but is very
    effective for passing stuff that the user doesn't need to see.


I also extract the name of
    this asp page -which I mentioned above- using the
    Request.ServerVariables object.  Remember: If you need some
    information in ASP pages, just "Request" it.


Finally, don't forget to
    End your If!

    tips and suggestions!


  • One of the most useful
          things I've seen cookies used for is with Human Resource type
          applications where the basic user information is stored as a cookie. 
          That way everytime they go to access a form to make changes they
          don't have to re-type the form input information.  Remember, DO
          NOT store sensitive information in a cookie.



  • If you are rewriting
          any cookie information back to an existing cookie you need to update
          all of the cooky's information (e.g. "path",
          "domain", "expiration date" etc.)





  • Although a cookie
          might be useful for "extra" authentication, it should
          never be used for secure authentication purposes. Check out Kevin
    site for some great info on authentication methods and
          security considerations.




          Internet Explorer likes the domain info like ""
          where Netscape likes it like "".  (My
          cookie is written for Explorer.)



  • Cookies are finicky. 
          Any little mistake will have you pulling your hair out for hours.





About this post

Posted: 2002-06-01
By: ArchiveBot
Viewed: 107 times




No attachments for this post

Loading Comments ...


No comments have been added for this post.

You must be logged in to make a comment.