Need Help with cookies

[Phillip N Rounds]

I'm having trouble with using cookies to monitor the stages of login.
I have a two stage Registration page ( register.aspx ) and my target page
( MyPage.aspx )
I'm using a cookie named LoginStatus to tract the stage of the login
process.
LoginStatus = "1" denotes that the first part of the login process has been
performed.
LoginStatus = "2" denotes that the login process has been completed.


The entire process works as ( I ) expected when I never close the browser.
Once I close the browser, the cookie I have been using is lost. I think the
problem is trying to alter an existing cookie, but that doesn't make sense
to me. Where's the flaw?

Thanks

Phil Rounds


Pseudo Code is as follows:

MyPage.aspx

private void Page_Load( object sender, EventArgs e)
{
System.Web.HttpContext cont = System.Web.HttpContext.Current;
// Check to see if there is even an instance of the cookie LoginStatus
if ( cont.Request.Cookies["LoginStatus"] == null )
Page.Response.Redirect("Register.aspx"); // Cookie doesn't even
exist, so go to the Register Page
if ( cont.Request.Cookies["LoginStatus"].Value != "2")
Page.Response.Redirect("Register.aspx") // Login has started, but not
completed

do the rest of the stuff
}


Register.aspx

private void Page_Load( object sender, EventArgs e)
{
System.Web.HttpContext cont = System.Web.HttpContext.Current;
// Check to see if there is even an instance of the cookie LoginStatus
if ( cont.Request.Cookies["LoginStatus"] == null )
{ HttpCookie cook = new HttpCookie("LoginStatus", "0") ;
// Create the cookie
BeginLoginProcess();
// Do the first part of the login pocess
}
else
{
if ( cont.Request.Cookies["LoginStatus"].Value = "1")
{ CompleteLogin(); // This is a return to
Register.aspx, so complete the login process
Page.Response.Redirect("MyPage.aspx"); // Go to
MyPage, which is where you want to be
return; }

if ( cont.Request.Cookies["LoginStatus"].Value = "2")
Page.Response.Redirect("MyPage.aspx") ; // You're already logged in,
so you shouldn't be here
}
}

BeginLoginProcess()
{
Do a whole bunch of stuff. If everything is ok,
System.Web.HttpContext cont = System.Web.HttpContext.Current;
if ( cont.Request.Cookies["LoginStatus"] != null )
// It can't possibly be null from the above, but what the hey
{
HttpCookie cook = cont.Request.Cookies["LoginStatus"];
cook.Value = "1" ; // We've completed
part 1 of the login process
cont.Response.Cookies.Add( cook );
return ;
}
}

CompleteLogin()
{
Do someother stuff
System.Web.HttpContext cont = System.Web.HttpContext.Current;
if ( cont.Request.Cookies["LoginStatus"] != null )
// It can't possibly be null from the above, but what the hey
{
HttpCookie cook = cont.Request.Cookies["LoginStatus"];
cook.Value = "2" ; // We've completed
part 1 of the login process
cont.Response.Cookies.Add( cook );
return ;
}
}

 

[clintonG]

The flaw -- if I can say so -- is using cookies for what a Session variable
is best used for. Just destroy the variable when through using it.

Furthermore, if you use a MultiView or a Wizard control for multi-step
processes the state is managed for you noting I'm talking about 2.0 in this
regard.

If you insist on using cookies on the basis of your comment I would say you
need to learn to "persist" the cookie.

search: c# persistent cookie

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/

I'm having trouble with using cookies to monitor the stages of login.
I have a two stage Registration page ( register.aspx ) and my target page
( MyPage.aspx )
I'm using a cookie named LoginStatus to tract the stage of the login
process.
LoginStatus = "1" denotes that the first part of the login process has
been performed.
LoginStatus = "2" denotes that the login process has been completed.


The entire process works as ( I ) expected when I never close the browser.
Once I close the browser, the cookie I have been using is lost. I think
the problem is trying to alter an existing cookie, but that doesn't make
sense to me. Where's the flaw?

Thanks

Phil Rounds


Pseudo Code is as follows:

MyPage.aspx

private void Page_Load( object sender, EventArgs e)
{
System.Web.HttpContext cont = System.Web.HttpContext.Current;
// Check to see if there is even an instance of the cookie LoginStatus
if ( cont.Request.Cookies["LoginStatus"] == null )
Page.Response.Redirect("Register.aspx"); // Cookie doesn't even
exist, so go to the Register Page
if ( cont.Request.Cookies["LoginStatus"].Value != "2")
Page.Response.Redirect("Register.aspx") // Login has started, but not
completed

do the rest of the stuff
}


Register.aspx

private void Page_Load( object sender, EventArgs e)
{
System.Web.HttpContext cont = System.Web.HttpContext.Current;
// Check to see if there is even an instance of the cookie LoginStatus
if ( cont.Request.Cookies["LoginStatus"] == null )
{ HttpCookie cook = new HttpCookie("LoginStatus", "0") ; //
Create the cookie
BeginLoginProcess(); // Do the first part of the login
pocess
}
else
{
if ( cont.Request.Cookies["LoginStatus"].Value = "1")
{ CompleteLogin(); // This is a return to
Register.aspx, so complete the login process
Page.Response.Redirect("MyPage.aspx"); // Go to
MyPage, which is where you want to be
return; }

if ( cont.Request.Cookies["LoginStatus"].Value = "2")
Page.Response.Redirect("MyPage.aspx") ; // You're already logged
in, so you shouldn't be here
}
}

BeginLoginProcess()
{
Do a whole bunch of stuff. If everything is ok,
System.Web.HttpContext cont = System.Web.HttpContext.Current;
if ( cont.Request.Cookies["LoginStatus"] != null ) // It
can't possibly be null from the above, but what the hey
{
HttpCookie cook = cont.Request.Cookies["LoginStatus"];
cook.Value = "1" ; // We've completed
part 1 of the login process
cont.Response.Cookies.Add( cook );
return ;
}
}

CompleteLogin()
{
Do someother stuff
System.Web.HttpContext cont = System.Web.HttpContext.Current;
if ( cont.Request.Cookies["LoginStatus"] != null ) // It
can't possibly be null from the above, but what the hey
{
HttpCookie cook = cont.Request.Cookies["LoginStatus"];
cook.Value = "2" ; // We've completed
part 1 of the login process
cont.Response.Cookies.Add( cook );
return ;
}
}

 

[Phillip N Rounds]

To any who are interested, the answer is that one has to re-set the
expiration of the cookie when modifying it's value.
This works:

HttpContext cont;
HttpCookie cookie = cont.Request.Cookies["LoginStatus"];
cookie.Value = "New Value";
cookie.Expires = DateTime.Now.AddYear(1);
cont.Response.Cookies.Add( Cookie );

If you don't change cookie.Expires, it expires at the end of the session.

This leads to another question I had, which is about the expiration date.
In the above example, the cookie should have an expiration date of one year
from now. When I read the cookie & look at the expiration date, it is
1/1/0001. Is this the default for a Session Cookie, or for a cookie which
doesn't expire? How do I get/set or view the real expiration date?

Thanks

I'm having trouble with using cookies to monitor the stages of login.
I have a two stage Registration page ( register.aspx ) and my target page
( MyPage.aspx )
I'm using a cookie named LoginStatus to tract the stage of the login
process.
LoginStatus = "1" denotes that the first part of the login process has
been performed.
LoginStatus = "2" denotes that the login process has been completed.


The entire process works as ( I ) expected when I never close the browser.
Once I close the browser, the cookie I have been using is lost. I think
the problem is trying to alter an existing cookie, but that doesn't make
sense to me. Where's the flaw?

Thanks

Phil Rounds


Pseudo Code is as follows:

MyPage.aspx

private void Page_Load( object sender, EventArgs e)
{
System.Web.HttpContext cont = System.Web.HttpContext.Current;
// Check to see if there is even an instance of the cookie LoginStatus
if ( cont.Request.Cookies["LoginStatus"] == null )
Page.Response.Redirect("Register.aspx"); // Cookie doesn't even
exist, so go to the Register Page
if ( cont.Request.Cookies["LoginStatus"].Value != "2")
Page.Response.Redirect("Register.aspx") // Login has started, but not
completed

do the rest of the stuff
}


Register.aspx

private void Page_Load( object sender, EventArgs e)
{
System.Web.HttpContext cont = System.Web.HttpContext.Current;
// Check to see if there is even an instance of the cookie LoginStatus
if ( cont.Request.Cookies["LoginStatus"] == null )
{ HttpCookie cook = new HttpCookie("LoginStatus", "0") ; //
Create the cookie
BeginLoginProcess(); // Do the first part of the login
pocess
}
else
{
if ( cont.Request.Cookies["LoginStatus"].Value = "1")
{ CompleteLogin(); // This is a return to
Register.aspx, so complete the login process
Page.Response.Redirect("MyPage.aspx"); // Go to
MyPage, which is where you want to be
return; }

if ( cont.Request.Cookies["LoginStatus"].Value = "2")
Page.Response.Redirect("MyPage.aspx") ; // You're already logged
in, so you shouldn't be here
}
}

BeginLoginProcess()
{
Do a whole bunch of stuff. If everything is ok,
System.Web.HttpContext cont = System.Web.HttpContext.Current;
if ( cont.Request.Cookies["LoginStatus"] != null ) // It
can't possibly be null from the above, but what the hey
{
HttpCookie cook = cont.Request.Cookies["LoginStatus"];
cook.Value = "1" ; // We've completed
part 1 of the login process
cont.Response.Cookies.Add( cook );
return ;
}
}

CompleteLogin()
{
Do someother stuff
System.Web.HttpContext cont = System.Web.HttpContext.Current;
if ( cont.Request.Cookies["LoginStatus"] != null ) // It
can't possibly be null from the above, but what the hey
{
HttpCookie cook = cont.Request.Cookies["LoginStatus"];
cook.Value = "2" ; // We've completed
part 1 of the login process
cont.Response.Cookies.Add( cook );
return ;
}
}

 

[clintonG]

<snip />

That's called a persistent cookie as I tried to explain and as I recall it
seems you never set an expiration in the first place so how can you be
"resetting" something that didn't exist?

And another thing you mistakenly assumed, a persistent cookie does not need
a date of expiration set a year into the future as you stated. Any values
greater than Now( ) is all that is needed to persist the cookie for that
period of time.

You set that value correctly in the code you show but the wierd date into
the past is not a default for persistent cookies. Setting the date into the
past deletes a cookie.

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/