Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to set a cookie during a redirect in ASP.NET?

I am using ASP.NET. I either add or set a cookie (depending on whether the HttpRequest contains a cookie with specified key), and immediately afterward call Response.Redirect. The cookie is not set. Is this correct behavior? Is there something mutually exclusive about setting a cookie during an http response with a 302 status code?

Here's the source:

        if (context.HttpContext.Request.Browser.Cookies)
        {
            var cookies = context.HttpContext.Request.Cookies;
            var stateCookie = new HttpCookie(SR.session, clientState.SessionId.ToString());
            if (cookies.AllKeys.Contains(SR.session))
            {
                context.HttpContext.Response.Cookies.Set(stateCookie);
            }
            else
            {
                context.HttpContext.Response.Cookies.Add(stateCookie);
            }
        }

Here are the Response headers

  • X-AspNetMvc-Version - 2.0
  • Connection - Close
  • Cache-Control - private
  • Content-Type - text/html
  • Date - Sun, 20 Mar 2011 03:48:04 GMT
  • Location - http://localhost:3599/Home/Redirected
  • Server - ASP.NET Development Server/9.0.0.0
  • X-AspNet-Version - 2.0.50727
like image 394
smartcaveman Avatar asked Mar 20 '11 03:03

smartcaveman


People also ask

Can 302 redirect set cookie?

According to this blog post: http://blog.dubbelboer.com/2012/11/25/302-cookie.html all major browsers, IE (6, 7, 8, 9, 10), FF (17), Safari (6.0. 2), Opera (12.11) both on Windows and Mac, set cookies on redirects. This is true for both 301 and 302 redirects.

How do I add a cookie to a URL?

1. Add a cookie with the key/value from the URL query string (parameter). 2. Pull the cookie value to use as a variable in a link.

Does response redirect stop execution?

Response. Redirect("Default. aspx", true) means current page execution is terminated and page is redirected to the default.

Does a redirect start a new session?

Response. Redirect does nothing with the session. The session is tied (typically) to a cookie associated with the URI of the web app.


1 Answers

After googling a bit it seems that yes, there can be problems with setting the cookie in the redirect response as it may be ignored by a few browsers. (It may make some sense, as the response is really telling the client to ignore the resource and get some other resource instead).

This has been discussed here already: Sending browser cookies during a 302 redirect

So I would change the architecture in a way that allows the page being redirected to to set the cookie.

like image 75
steinar Avatar answered Sep 21 '22 16:09

steinar