Microsoft KB Archive/324337

= FIX: Cookie Is Not Returned for ASP Page on Internet Information Services 5.1 =

Article ID: 324337

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Active Server Pages 4.0
 * Microsoft Internet Information Services 5.1

-



This article was previously published under Q324337



SYMPTOMS
When a cookie is requested with the Request.Cookies collection in an Active Server Pages (ASP) page on Internet Information Services (IIS) 5.1, the cookie may not be returned.



CAUSE
If a cookie path is not explicitly added to the cookie when the cookie is added to the Response.Cookies collection in an ASP page, ASP automatically adds the cookie path. If the ASP page is not in the root Web site on the Web server, the path that is added includes the location of the ASP page relative to the root Web site.

Typically, the case (uppercase or lowercase) of the path that is added is the same as the case in the URL that was used to request the page. For example, suppose that cookietest is a subweb on a server that is named TestServer. You use the following URL to request the page:

http://TestServer/cookietest/test.asp

This sets the cookie in the browser and generates a cookie path of &quot;/cookietest&quot;.

With ASP on IIS 5.1, ASP does not synchronize the case of this path with the case of URL. Instead, the case of the path matches the case of the associated directory in the file system. For example, if the test.asp file is located in the C:\Inetpub\wwwroot\CookieTest directory, a request to the same URL (http://TestServer/cookietest/test.asp) generates the cookie path of &quot;/CookieTest&quot;. On a later request to http://TestServer/cookietest, the browser does not send the cookie because &quot;cookietest&quot; in the URL does not match the cookie path that is returned from IIS 5.1.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to Obtain the Latest Windows XP Service Pack

WORKAROUND
To work around this behavior, use one of the following methods:   Manually add a path of &quot;/&quot; to the cookie. For example: Response.Cookies(&quot;TestCookie&quot;) = &quot;Value&quot; Response.Cookies(&quot;TestCookie&quot;).Path = &quot;/&quot; By setting the path to the Web site root as &quot;/&quot;, you resolve the problem because there is no issue with the case of the path matching the case of the URL. The disadvantage to this workaround is that a cookie that is issued with a path of root is returned to the server if a request is made for any page on the server. In other words, the cookie is not isolated to the application (subweb) from which it was issued.  Make sure that the case of the URL that is used to request the page matches the case of the directory in the file system that is associated with the subweb.

If the case of the subweb in the URL matches the case of the physical directory that is associated with the subweb, the problem does not occur. For example, use the following URL to access a page that is located in C:\Inetpub\wwwroot\CookieTest:

http://TestServer/CookieTest/SomePage.asp

This problem does not occur because the generated cookie path (&quot;/CookieTest&quot;) matches the case of &quot;CookieTest&quot; in the URL. The disadvantage to this workaround is that it is difficult to control the URL that is initially used to access a site. To work around this, you can redirect requests to a URL with the wrong case to the same URL with the correct case.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows XP Service Pack 1 (SP1).



Steps to Reproduce the Behavior
The following steps reproduce this behavior on a computer that is running Microsoft Windows XP Professional.  Create a virtual directory in IIS that is named CookieTest. To do this, follow these steps:  Create a physical directory on the computer, and then name the directory CookieTest. Make sure that the &quot;C&quot; and the &quot;T&quot; in CookieTest are capitalized. Typically, this directory is located under the root directory for the Web server at C:\Inetpub\wwwroot\.</li> Use the Internet Information Services Manager to create a virtual directory. Name the directory CookieTest, and then associate this directory with the physical directory that you created in the previous step.</li></ol> </li>  Use the following code to create two ASP files, CTest_W.asp and CTest_R.asp, and then save these files in the CookieTest directory:

CTest_W.asp <%@ LANGUAGE=&quot;VBScript&quot; %> <%   Response.Cookies(&quot;TestCookie&quot;) = &quot;Value&quot; Response.Write(&quot;Your cookie has been set&quot;) %> CTest_R.asp <%@ LANGUAGE=&quot;VBScript&quot;%>

<%   Response.write(&quot;Here is the TestCookie value:&quot;) Response.write(Request.Cookies(&quot;TestCookie&quot;)) %>                   </li> Open the pages in the browser. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Start an instance of the browser.</li> Use the following URL to open CTest_W.asp and to set the cookie in the browser:

http://localhost/cookietest/CTest_W.asp

</li> Use the following URL to open CTest_R.asp:

http://localhost/cookietest/CTest_R.asp

In this case, the browser does not return the cookie for CTest_R.asp to the server because the generated cookie path (&quot;/CookieTest&quot;) does not match &quot;cookietest&quot; in the URL.</li> Use the following URL to open CTest_R.asp in the browser and to see the value of the cookie in the browser:

http://localhost/CookieTest/CTest_R.asp

In this case, the browser returns the cookie to the server because the generated cookie path (&quot;/CookieTest&quot;) matches &quot;CookieTest&quot; in the URL.</li></ol> </li></ol>

<div class="references_section">