Detecting if cookies are enabled
-
Hi all, Is it possible, in ASP.NET, to detect whether the cookies are enabled in the client browser? The Request.Browser.Cookies always returns true for cookie-enabled browser, even if the cookies are disabled in the browser. If I am correct, the only way to find out whether the cookies are really accepted is to set a test cookie, add it to Response.Cookies, and check whether the cookie is present upon next page request. If only there was another way... :sigh: Thanks for any clues, Rado Rado
-
Hi all, Is it possible, in ASP.NET, to detect whether the cookies are enabled in the client browser? The Request.Browser.Cookies always returns true for cookie-enabled browser, even if the cookies are disabled in the browser. If I am correct, the only way to find out whether the cookies are really accepted is to set a test cookie, add it to Response.Cookies, and check whether the cookie is present upon next page request. If only there was another way... :sigh: Thanks for any clues, Rado Rado
You have to set the cookie then check for it on a subsequent request. Many browsers allow the user to block cookies entirely, or only third-party cookies or by specific web site. So it's not just a matter of having cookies enabled or disabled. Some firewalls may block cookies even if the browser accepts them. The only way to know is to set one and then check for it when a new request is made. A user may even delete or block cookies in the middle of a session. So to cover every possible senario, you'd need to check for the cookies you require on every request and maybe redirect the user to your starting page if they somehow go missing (or tell them your app requires cookies). You can avoid all that if using Session variables instead. With ASP, that required one cookie to hold the session id. But with ASP.Net, you can use cookieless sessions pretty easily. Just specify it in the web.config file: (It uses URL-munging instead of cookies.)
-
You have to set the cookie then check for it on a subsequent request. Many browsers allow the user to block cookies entirely, or only third-party cookies or by specific web site. So it's not just a matter of having cookies enabled or disabled. Some firewalls may block cookies even if the browser accepts them. The only way to know is to set one and then check for it when a new request is made. A user may even delete or block cookies in the middle of a session. So to cover every possible senario, you'd need to check for the cookies you require on every request and maybe redirect the user to your starting page if they somehow go missing (or tell them your app requires cookies). You can avoid all that if using Session variables instead. With ASP, that required one cookie to hold the session id. But with ASP.Net, you can use cookieless sessions pretty easily. Just specify it in the web.config file: (It uses URL-munging instead of cookies.)
BrainJar wrote: Many browsers allow the user to block cookies entirely, or only third-party cookies or by specific web site. So it's not just a matter of having cookies enabled or disabled. Some firewalls may block cookies even if the browser accepts them. The only way to know is to set one and then check for it when a new request is made. Well, after doing some research I found out that this is the only way. But I came to a very strange discovery - what I did was that I set a very small per-session cookie upon first request (it contained only a single value of "1") and checked for its presence upon subsequent request. If it existed, I went on and set the larger, persistent cookie. This works fine, but it didn't work in the following scenario: IE6-SP1 + Cookies Disabled + using http proxy. In this scenario, it seemed that the small cookie was present on the subsequent request, so I went ahead and set the larger cookie, but this larger cookie was not stored. But everything worked fine with IE5 using the same settings and same proxy server, or with IE6-SP1 without using the proxy. I decided to use larger "test" cookie (approx same size as the real cookie) and everything works fine now. BrainJar wrote: You can avoid all that if using Session variables instead. With ASP, that required one cookie to hold the session id. But with ASP.Net, you can use cookieless sessions pretty easily. Just specify it in the web.config file: Is it possible to use forms authentication without cookies? I am just being curious, I have never tried this myself. Radoslav Bielik http://www.neomyz.com/poll [^] - Get your own web poll
-
BrainJar wrote: Many browsers allow the user to block cookies entirely, or only third-party cookies or by specific web site. So it's not just a matter of having cookies enabled or disabled. Some firewalls may block cookies even if the browser accepts them. The only way to know is to set one and then check for it when a new request is made. Well, after doing some research I found out that this is the only way. But I came to a very strange discovery - what I did was that I set a very small per-session cookie upon first request (it contained only a single value of "1") and checked for its presence upon subsequent request. If it existed, I went on and set the larger, persistent cookie. This works fine, but it didn't work in the following scenario: IE6-SP1 + Cookies Disabled + using http proxy. In this scenario, it seemed that the small cookie was present on the subsequent request, so I went ahead and set the larger cookie, but this larger cookie was not stored. But everything worked fine with IE5 using the same settings and same proxy server, or with IE6-SP1 without using the proxy. I decided to use larger "test" cookie (approx same size as the real cookie) and everything works fine now. BrainJar wrote: You can avoid all that if using Session variables instead. With ASP, that required one cookie to hold the session id. But with ASP.Net, you can use cookieless sessions pretty easily. Just specify it in the web.config file: Is it possible to use forms authentication without cookies? I am just being curious, I have never tried this myself. Radoslav Bielik http://www.neomyz.com/poll [^] - Get your own web poll
Good question. In theory it should be possible but apparently MS didn't bother. See http://samples.gotdotnet.com/quickstart/aspplus/doc/formsauth.aspx