Home/ Questions/Q 7569137
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T15:05:53+00:00

I have some code that saves the user’s ID as a cookie. It works

  • 0

I have some code that saves the user’s ID as a cookie. It works fine in production, but moving the code to IIS7, upgrading the vendor app behind my code, and moving the app to an app in IIS7 instead of just running Default Web breaks this cookie function in IE.

Unfortunately it’s a Classic ASP app so I can’t find a good way to post a working version. But here are the relevant pieces.

Synopsis:

  1. when the user checks “remember me” and logs in, a temporary cookie
    is created
  2. when the user authenticates, the temp cookie is “promoted” to a
    permanent one and temp is expired
  3. when the user unchecks “remember me” both cookies are supposed to be
    expired

What appears to be happening (just in IE?) is that there are 2 cookies, and unchecking the box only touches one of them.

Here is the relevant code. Hope it helps 🙂

On the login form:

var MHOLI = Get_Cookie("MHOLI");
//Check if cookie has a value
if (MHOLI != null && MHOLI != "" && MHOLI != "null") {
    //Set login text
    $("#Login").val(MHOLI);
    //keep remember login checkbox checked
    $("#RemonlineID").attr('checked', true);
    $(document).ready(function() {
        setTimeout(function() {
            $("#Password").focus();
        }, 200);
    });
}
$(document).ready(function() {
    //test if cookies are enabled..
    Set_Cookie('test', 'testvalue', '/', '', '');
    //if cookies are disabled, disable the option to remember username
    if (!Get_Cookie('test')) {
        $('#RemonlineID').attr("disabled", true);
    }
});​

When the “remember me” checkbox is changed:

var loginForm = document.getElementById("loginForm");
if (!loginForm.RemonlineID.checked) {
    setCookie("MHOLI", null, null);
    setCookie("tmpMHOLI", null, null);
}​

When the login form is submitted, set a 1 day cookie if “remember me” checked:

if (loginForm.RemonlineID.checked) {
    setCookie("tmpMHOLI", loginForm.Login.value, 1);
}
else {
    setCookie("tmpMHOLI", null, null);
}​

The setCookie function. Yes, I see that expstring is there but never used :):

function setCookie(name, value, days) {
    var expireDate = new Date()
    //set "expstring" to either future or past date, to set or delete cookie, respectively
    var expstring = (typeof days != "undefined") ? expireDate.setDate(expireDate.getDate() + parseInt(days)) : expireDate.setDate(expireDate.getDate() - 5)
    document.cookie = name + "=" + value + "; expires=" + expireDate.toGMTString();
}​

And then some VBScript once the user makes it into the application. I’m thinking that it is creating a second cookie instead of 

if Request.Cookies("tmpMHOLI") <> "" then
  Response.Cookies("MHOLI") = Request.Cookies("tmpMHOLI")
  Response.Cookies("MHOLI").Expires = Date() + 365
  Response.Cookies("tmpMHOLI") = ""
end if​

Is there something different about how IE7/8/9 handle cookies that this would not work? Is there something about IIS7.5 that is creating a cookie that the client script can’t touch?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I ended up refactoring my setCookie() function. I was not properly expiring the cookies because the date calculations were funky. The quirksmode createCookie() function worked correctly.

    Also, I set the path on the cookie when I set it server-side. Somehow the paths were different for cookies set by the prelogin and post login pages. So then the client script couldnt override the server side cookie and vice versa. Explicitly setting the path fixed that.

    • 0