Re: Cannot modify cookies after HTTP headers have been sent

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

the cookie is a header, so asp.net raises an error if you change it after the headers have been sent (as it will have no effect). you have a page with buffering turned off.

-- bruce (sqlwork.com)

gibble@xxxxxxxxx wrote:
Hi,

I am going crazy. We get a hundred or so of these errors each day and
while the fix would seem obvious, the error does not include a line
number!

--------------------
Process information:
Process ID: 10084
Process name: w3wp.exe

Exception information:
Exception type: HttpException
Exception message: Server cannot modify cookies after HTTP headers
have been sent.

Request information:
Is authenticated: True
Authentication Type: Forms

Thread information:
Thread ID: 15
Is impersonating: False
Stack trace: at System.Web.HttpCookieCollection.Add(HttpCookie
cookie)
at
System.Web.Security.FormsAuthenticationModule.OnAuthenticate(FormsAuthenticationEventArgs
e)
at System.Web.Security.FormsAuthenticationModule.OnEnter(Object
source, EventArgs eventArgs)
at
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,
Boolean& completedSynchronously)
--------------------


According to the logs, it doesn't matter what browser they are using,
we've had errors from FF, IE6 and IE7, (and AOL users with each of
those browsers as well) The only common thing is if I scanned the
errors properly, they all use XP (NT 5.1) ...but that's not too
surprising.

Any ideas would be EXCELLENT as some users are having issues logging
into the site and I believe these errors to be the culprit.

Thankyou.

.

Relevant Pages

  • Re: set cookie in nusoap web service, IE behaves diff than Firefox
    ... > browser as the first output. ... > Works fine in IE6 and the service returns the state of the cookie in the ... it rather implies that $this->headers refers to the headers sent ... I don't think 'Content-Type' is required in the request. ...
    (comp.lang.php)
  • Re: [PHP] I need help with PHP, cURL, and POST
    ... of the cURL stuff. ... It tells you that you are not "proving" to the server that you are a ... option that lets you see the other headers. ... look at what a Cookie actually looks like in the headers. ...
    (php.general)
  • Re: "Divide and Conquer" - cross site response header tampering, cookie manipulation, and
    ... > 1) User-supplied data is inserted in the headers of an HTTP Response ... change the value of) the victim's UID cookie for vulnerable.com. ... so the victim cannot maintain their session) or could be used ...
    (Bugtraq)
  • Re: CURL and $_SESSION problem
    ... > This script instantiates a Timer class object to do a remote script of ... your Timer class object has to keep the cookie from index.php ... needed to keep the session open is the cookie with the session id. ... not forgetting the headers, ...
    (comp.lang.php)
  • Re: CURL and $_SESSION problem
    ... > This script instantiates a Timer class object to do a remote script of ... your Timer class object has to keep the cookie from index.php ... needed to keep the session open is the cookie with the session id. ... not forgetting the headers, ...
    (alt.php)