
Passing cookies in Response.Redirect in ASP.NET

I'm having a problem passing cookies in ASP.NET to a new URL. I add cookies to the Response like so:

Response.Cookies.Add(new HttpCookie("Username", Username.Text));

I then issue a redirect:

Response.Redirect(returnURL);

On the new page that I am redirected to, the cookie collection is empty. I try to retrieve a cookie like so:

Request.Cookies["Username"].Value;

Can anyone think of why the cookies are not being passed?

EDIT:

Further info I forgot to add - on the second attempt within the same browser session, the cookies ARE passed correctly with the redirect.

EDIT #2: I have found that if I use "localhost" instead of the actual domain name in the redirect URL, then the cookies are passed correctly on first login. So it's only when the redirect URL is the actual domain name that it doesn't work. Strange.

tuseau asked Aug 09 '12 14:08


2 Answers

According to HTTP State Management Mechanism:

Origin servers MAY send a Set-Cookie response header with any
response. User agents MAY ignore Set-Cookie headers contained in
responses with 100-level status codes but MUST process Set-Cookie
headers contained in other responses (including responses with 400-
and 500-level status codes). An origin server can include multiple
Set-Cookie header fields in a single response. The presence of a
Cookie or a Set-Cookie header field does not preclude HTTP caches
from storing and reusing a response.

So REDIRECTs (3xx) are in the 'other' responses so they should be processed by the browser, which may then drop them for all kinds of reasons. One such cause of the browser rejecting the cookie is when the domain attribute of the cookie is specified and does not have enough dots (like 'localhost') or when the path attribute of the cookie does not case-match the actual path in the URL (cookie's path is case sensitive).

Dror Harari answered Sep 20 '22 07:09
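
Added example, not part of either answer or of ASP.NET itself: a C# console program that applies the domain-match and path-match rules of the HTTP State Management Mechanism (RFC 6265, sections 5.1.3 and 5.1.4) to predict whether a cookie set on the login response will accompany the request to the redirect target. The URLs and the names `CookieCheck`, `DomainMatch`, `PathMatch` and `Explain` are assumptions made for illustration, and the public-suffix checks browsers also apply are not modelled.

```csharp
// Added example: models the user agent's cookie scoping, not server-side ASP.NET code.
using System;
using System.Net;

static class CookieCheck
{
    // RFC 6265 section 5.1.3: identical, or host ends with "." + domain and is not an IP address.
    public static bool DomainMatch(string host, string cookieDomain)
    {
        host = host.ToLowerInvariant();
        cookieDomain = cookieDomain.TrimStart('.').ToLowerInvariant(); // a leading dot is ignored
        if (host == cookieDomain) return true;
        return host.EndsWith("." + cookieDomain, StringComparison.Ordinal)
               && !IPAddress.TryParse(host, out _);
    }

    // RFC 6265 section 5.1.4: case-sensitive prefix match that must end on a "/" boundary.
    public static bool PathMatch(string requestPath, string cookiePath)
    {
        if (requestPath == cookiePath) return true;
        if (!requestPath.StartsWith(cookiePath, StringComparison.Ordinal)) return false;
        return cookiePath.EndsWith("/", StringComparison.Ordinal) || requestPath[cookiePath.Length] == '/';
    }

    // domain == null models a cookie sent without a Domain attribute (host-only cookie).
    public static string Explain(Uri setBy, Uri target, string domain, string path)
    {
        if (domain != null && !DomainMatch(setBy.Host, domain))
            return "rejected: setting host does not match the Domain attribute";
        bool hostOk = domain == null
            ? string.Equals(target.Host, setBy.Host, StringComparison.OrdinalIgnoreCase)
            : DomainMatch(target.Host, domain);
        if (!hostOk) return "not sent: redirect host is outside the cookie's scope";
        if (!PathMatch(target.AbsolutePath, path)) return "not sent: path does not match (case-sensitive)";
        return "sent";
    }

    static void Main()
    {
        // Constructed sample URLs; example.com stands in for the real domain name.
        var login = new Uri("http://www.example.com/App/Login.aspx");
        Console.WriteLine(Explain(login, new Uri("http://www.example.com/App/Home.aspx"), null, "/"));
        Console.WriteLine(Explain(login, new Uri("http://example.com/App/Home.aspx"), null, "/"));
        Console.WriteLine(Explain(login, new Uri("http://www.example.com/App/Home.aspx"), "example.com", "/app"));
        Console.WriteLine(Explain(login, new Uri("http://www.example.com/App/Home.aspx"), "other.test", "/"));
    }
}
```

Running it with the login URL and the value of `returnURL` from a failing request shows which rule, if any, keeps the cookie from reaching the second page.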


I've been facing the same issue in a .NET Core 2.1 WebApp. After searching a while I found out that I could use the following to force a cookie not to be lost upon a redirect response.

HttpContext.Response.Cookies.Append("cookie-name", "cookie-value", new CookieOptions { IsEssential = true });

The docs mention that this property "indicates if this cookie is essential for the application to function correctly. If true then consent policy checks may be bypassed. The default value is false."

This might be an option for you!

felixperreault answered Sep 21 '22 07:09