Re: cookie not sent with window.open

From: Mark Schupp (mschupp_at_ielearning.com)
Date: 03/18/04 

Date: Thu, 18 Mar 2004 08:25:18 -0800

I've seen this behavior before but I cannot duplicate it any more.

What I have seen in the past is that if the link to the ASP page was
embedded in an HTML pages that was launched from the file system instead of
through the web-server then the browser would not pass the session cookie to
windows opened with window.open().

What version of IE are you using? I have IE 6 with all the latest patches. 

-- 
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"Paul" <removethisbitthenitspaulyates@hotmail.com> wrote in message
news:c3bt3v$25k5k3$1@ID-141222.news.uni-berlin.de...
> J. Baute wrote:
> > First, I find it very odd that any kind of caching header would have
> > anything to do with cookies not being recieved.
> > The two are completely unrelated AFAIK.
>
> I know... tell me about it!!!
>
> > Anyway, I'm trying to grasp what you are doing here, so if I'm
> > getting this right this is what happens:
> > - a user has an excel *** open with a hyperlink in it to
> > getCookie.asp
> > - the user clicks this hyperlink, which opens a new Internet Explorer
> > window, loading getCookie.asp
> > - getCookie.asp sets a cookie, then returns some HTML & JavaScript to
> > open a new window calling useCookie.asp
> > - useCookie.asp retrieves the  cookie set by getCookie.asp, and uses
> > it (duh!)
>
> Correct, this is exactly what i'm trying to do.
>
> > the first thing that I can think of is that that second browser
> > window is running a new browser session, making it impossible for
> > that window to retrieve that session-based cookie set by the first
> > window, I'm not sure that is the case, cause I'm not sure if using
> > window.open() can cause a new browser session to be created, by I do
> > know for sure this can be the case if you open a new window by
> > right-clicking, and opening a page in a new window
> > IE has/had some setting where each new IE window runs as a seperate
> > application, which also caused session cookies to "get lost" (they
> > don't really, cause it's a new session).
>
> Yes going back a bit now i've looked into how IE (and different versions
of
> it) shares its memory between instances of itself.
> That's a really good hypothesis... unfortunately i've just checked it out
> and it isn't the cause.
>
> > A funny session bug I ran into in IE 5 is when you start IE and your
> > homepage is not a website (file:// protocol instead of http), also
> > causes your session to get lost when a new window is openened using
> > window.open().
> >
> > maybe this helps?
>
> Nope... tried all combinations of home page and its still the same.
>
> Have you (anyone?!?) not managed to reproduce this issue?  I've tried it
on
> at least computers, some inside the office some outside, either w2k or
NT4.
> The issue is always there.
>
> I'm starting to think its a symptom of a security update related to
> window.open. But it can't be... because if it was then the cookie would
> *never* be sent, would it!
>
>
>
> > "Paul" <removethisbitthenitspaulyates@hotmail.com> wrote in message
> > news:c39gte$258bfj$1@ID-141222.news.uni-berlin.de...
> >> I link to a web site from an Excel spread***.  The page i link to
> >> is getCookie.asp which sets a cookie then returns back some html
> >> which opens a new window, to the same site but a different page
> >> (same folder).
> >>
> >> The cookie is not received.  Can someone explain why?
> >>
> >> I worked around this by adding a cache-control header with a value of
> >> no-cache.  This fixes the problem.  Unfortunately that causes another
> >> problem with Internet Explorer that no-one can figure out (basically
> >> with friendly error messages turned on IE shows an error page for no
> >> reason - i posted a lengthy message about this to m.p.i.asp.general
> >> but no-one has a clue).
> >>
> >> I have tried every combination of every cache busting header i can
> >> think of but no other one fixes this problem about the cookie not
> >> being received.
> >>
> >> So basically i'm in a catch-22.  If i put the cache-buster in then
> >> users will get a nasty error message from IE unless they have
> >> 'friendly' error messages off.  If i leave out cache-buster code
> >> then the session cookie doesn't get returned which means the users
> >> cant access my site.  Help!
> >>
> >> Example asp's are below.  To recreate the problem simply create a
> >> hyperlink to getCookie.asp in excel then open it (after each attempt
> >> you need to shut down Excel).  By the way everything works fine if
> >> you type the URL into IE directly... the problem is when opening
> >> from Excel.
> >>
> >> Thanks in advance
> >>
> >> Paul
> >>
> >> ----getCookie.asp------
> >> <%
> >> 'cache code which makes next page work
> >> 'Response.CacheControl = "no-cache"
> >> 'send cookie back to client
> >> Response.Cookies("PaulSessionID") = "PaulsCookie"
> >> %>
> >> <HTML>
> >> <HEAD>
> >> <SCRIPT>
> >>
> >
>
window.open('useCookie.asp','newWin','resizable,scrollbars,menubar,toolbar')
> >> ;
> >> </SCRIPT>
> >> </HEAD>
> >> <BODY>&nbsp;</BODY>
> >> </HTML>
> >> ------------------------
> >>
> >>
> >> -----useCookie.asp------
> >> The cookie set by the previous page is:
> >> "<%=Request.Cookies("PaulSessionID")%>"
> >> ---------------------------
>
>
>
Loading