cookie value being garbled.

From: Peter Row (peter.row_at_oxfordcc.co.uk)
Date: 05/24/04 

Date: Mon, 24 May 2004 09:38:00 +0100

Hi,

I have a legacy VB6 webclass app that has been directly ported
to VB.NET. My .NET webclass infrastructure works in more or
less the same way but is now specific to my app and not the
generic like the original MS version. This is all implemented in
1 DLL using a series of HttpHandlers and HttpModules.

Anyhow, I need to do manual authentication ticket handling,
which in this case I use an MD5 hash for.

Situation/Problem:
When a user visits the site they are automatically logged in as
an appropriate langauge guest, i.e. English guest, French guest
based on browser settings. They can then browse the site etc...
Each request to the site refreshes the ticket (stored in a cookie).
This all works great and they can browse as much as they want.

HOWEVER.... if you login and hence get a new ticket all
together then the next request after the login OK page receives
the ticket cookie in what appears to be URL encoding.
I decode this using the built in ASP.NET methods but this
has the side-effect of corrupting the MD5 hashed part of the
ticket, because when checking it's validity it fails.

I tracked the progress of requests and found that everything is
okay up to and including the end of the processing of the
login OK page. The next request which comes in through
a HttpHandler factory (which does nothing except work out
what class it needs to instantiate and set running) the cookie
is mangled.

Any ideas as to why the cookie would be fine for all requests
when auto-logged in as a guest but then get screwed after login
would be much appreciated.

P.S I don't do anything special when logging in, I just check
the user/pwd against DB and say either yes (authenticate with
a new ticket) or no.

Regards,
Peter

Relevant Pages

  • Re: Cookies Expiring due to different time zones.
    ... post to your aspx login, sending the cookie's date in a hidden field ... set the aspx login cookie using the date/time in the hidden field ... This is the code I am using to create the ticket, ... Your problem is that you're using an extremely short time for the cookie expiration. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How to share session with IE
    ... my browser module if necessary. ... program can load the cookies from your real browser's cookie store ... "need to login" condition, and react accordingly. ... Another option instead of making your program run through a series of clicks and text inputs, which is difficult to program, is to browse the html source until you find the name of the script that processes the login, and use python to request the page with the necessary form fields encoded in the request. ...
    (comp.lang.python)
  • HttpWebRequest with java session id cookie; HELP PLEASE
    ... I'm trying to login to a backend system running Java/Tomcat. ... HttpWebRequest with the login data and do a POST. ... HttpWebRequest with a new cookie container and add the java session id ... HttpWebRequest request = WebRequest.Create; ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Cookies Expiring due to different time zones.
    ... cookie is setting time according to my server. ... just not able to login. ... perfectly fine on my PC and many other PCs which have correct time. ... This is the code I am using to create the ticket, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: using a shared session
    ... you will have to pass the ticket to site. ... they will be prompted for a login. ... | We have 3 different web applications on three different websites (and ... | and is saved in the cookie for that session. ...
    (microsoft.public.dotnet.framework.aspnet)