Microsoft KB Archive/810906

= Case Sensitive Domain Cookies Are Not Returned =

PSS ID Number: 810906

Article Last Modified on 5/27/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server

-



SYMPTOMS
When an an Active Server Pages (ASP) page uses the Request.Cookies collection to request a cookie, the cookie may not be returned. For additional information about a similar issue that has a different cause, click the following article number to view the article in the Microsoft Knowledge Base:

324337 FIX: Cookie Is Not Returned for ASP Page on Internet Information Services 5.1



CAUSE
This behavior occurs because cookies are case-sensitive, and the case used in the cookie string does not match the case used in the URL or redirect. For example, this behavior may occur if a user types the URL into the address bar of the Web browser using the incorrect case (uppercase or lowercase), or the URL or redirect in a Web page uses the incorrect case.

Note Even though domain name service (DNS) servers are not case-sensitive, Microsoft Internet Explorer treats domain names as case-sensitive and does not send cookies across domains with different case.



RESOLUTION
To resolve this issue, verify that the case that you use in the path code for your cookie matches the case that you use in any URL links or redirects. For example, always type domain names in upper case or always type domain names in lower case.



MORE INFORMATION
A cookie is a text string that is included with Hypertext Transfer Protocol (HTTP) requests and responses. Cookies are used to maintain state information as you view different pages on a Web site or return to the Web site later. Cookies are case-sensitive. If you type a Web address in lower-case in the Address bar and then later type the same address in upper-case, Internet Explorer creates a different cookie for the upper-case address. Internet Explorer creates different cookies for a Web site when the case for the address in the Address bar, a Web link, or a redirect differs from the case of the address in cookies that already exist on your computer.

DNS servers are not case-sensitive. For example, if you type either of the following addresses in the Address bar of your Web browser, the Web browser opens the same Web page :
 * http://www.msn.com

-or
 * http://wWw.MsN.cOM.

For example, if you visit http://support.microsoft.com/abc.asp and the abc.asp page sets a cookie, your browser sends that cookie with all future requests you make to http://support.microsoft.com.

However, if you visit http://msdn.microsoft.com/xyz.htm, your browser does not forward the cookie that was set by support.microsoft.com, because the browser determines that msdn.microsoft.com is different from support.microsoft.com. This occurs even if both Web sites resolve to the same IP address, or if the same server hosts both sites.

Using .Domain
If you visit http://support.microsoft.com/abc.asp and the abc.asp page sets the following cookie, your browser sends this cookie with all requests to &quot; .microsoft.com,&quot; where  represents any text.

Response.Write Request.Cookies(&quot;TestCookie&quot;) Response.Cookies(&quot;TestCookie&quot;) = &quot;123&quot; Response.Cookies(&quot;TestCookie&quot;).Expires = &quot;2001/12/31&quot; Response.Cookies(&quot;TestCookie&quot;).Domain = &quot;.microsoft.com&quot; Response.Cookies(&quot;TestCookie&quot;).Path = &quot;/&quot;

Using .PATH
The Path portion of a Web address is the part the follows the fully qualified domain name (FQDN). Path Is case-sensitive. In the following sample Web address, the FQDN is &quot;domain.com&quot; and the Path is &quot;/SubWeb/Folder/Page.htm&quot;.

http://domain.com/SubWeb/Folder/Page.htm

The following sample code creates a cookie that the browser only sends if the requested page is located in the Sales folder on microsoft.com: Response.Write Request.Cookies(&quot;TestCookie2&quot;) Response.Cookies(&quot;TestCookie2&quot;) = &quot;123&quot; Response.Cookies(&quot;TestCookie2&quot;).Expires = &quot;2001/12/31&quot; Response.Cookies(&quot;TestCookie2&quot;).Domain = &quot;.microsoft.com&quot; Response.Cookies(&quot;TestCookie2&quot;).Path = &quot;/Sales&quot; After this code is executed, the browser sends TestCookie2 to the server when it visits the following:

http://search.microsoft.com/Sales/test.htm.

For additional information about using cookies, click the following article numbers to view the articles in the Microsoft Knowledge Base:

260971 Description of Cookies

302390 HOW TO: Use Cookies in an ASP Page

217043 FIX: Cookies Can Be Set for Generic Domain Names

258430 Web Site May Retrieve Cookies from Your Computer

264345 False URL Can Steal or Set Cookies for Different Domain

275033 Cookies Are Not Saved If the Host Name Is Invalid

For more information, see the following Microsoft Web sites:

http://msdn.microsoft.com/workshop/server/feature/webfarm3.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceinet/htm/_wcesdk_managing_cookies.asp

Keywords: KB810906

Technology: kbwin2000Search kbwin2000Serv kbwin2000ServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.