Home/ Questions/Q 3598006
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T20:11:19+00:00

I’m using the WPF WebBrowser to display online help inside an app (just a

  • 0

I’m using the WPF WebBrowser to display online help inside an app (just a few small web pages). Some of those pages use cookies to display items only for the first few times the pages are viewed (it’s a “Why not try X” type of thing).

However, for some reason the cookies don’t seem to be working inside the WebBrowser control. They work fine in full IE as well as Firefox and Chrome (so the items correctly hide), but they never hide when viewed through the WPF WebBrowser control.

Is there something special about using cookies in the WPF WebBrowser control? It seems to be behaving as if all the cookies are only stored in memory, rather than being persisted on disk.

Here’s one of those pages inside a browser (where the cookies work):

Help pane inside a browser

And here’s the exact same page inside the app:

Help pane inside the application

That additional content should only be visible for the first few times of using the software (i.e. it should be hidden after N views of that web page), but because I can’t get cookies to work it’s always visible.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Cookies handling in Internet Explorer (or hosted versions) is tied to the IE’s own notion of “URL Security Zones”, doc here: About URL security Zones

    So, IE determines an url zone using various alogorithms applied to the url. Depending on the zone, your hosted browser may or may not support session or persistent cookies.

    Strangely, when I create a small WPF sample, add the web browser to it and have navigate to this persistent cookie tester utiliy page: http://www.rbaworld.com/Security/Computers/Cookies/givecook.shtml, it works fine. Each time I launch the sample app, the counter is incremented fine, so not everyone can reproduce your problem. Well, that’s the whole purpose of URL Security zones: it can vary by machine, by user, by Windows policy, etc…

    The next question is: Can I change the zone you’re running in? The short and easy answer is … no because it’s heavily tied to the security.

    If you were hosting IE yourself, you could implement your own security zone handle as described here: Implementing a Custom Security Manager and a sample here: SAMPLE: Secumgr.exe Overrides Security Manager for WebBrowser Host but you’re relying on WPF’s webbrowser that does not allow any override… You can get to Reflector and copy all WPF private/internal code but that’s a log of risky work!

    The last thing you can try is to manipulate the standard Internet Security Manager. Here is some sample code that gives some hints. At least you should be able to determine the zone you’re running in (MapUrltoZone) and change the cookie (TryAllowCookie). The problem with the standard manager is most of the times, it pops up dialog to the end-user allowing authorization… (security again!):

    [ComImport, Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")]
private class InternetSecurityManager
{
}

[ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b")]
private interface IInternetSecurityManager
{
    void Unused1();
    void Unused2();
    [PreserveSig]
    int MapUrlToZone([In, MarshalAs(UnmanagedType.BStr)] string pwszUrl, out int pdwZone, [In] int dwFlags);
    void Unused3();
    [PreserveSig]
    int ProcessUrlAction(string pwszUrl, int dwAction, ref int pPolicy, int cbPolicy, ref Guid pContext, int cbContext, int dwFlags, int dwReserved);
    // left undefined
}

public static SecurityZone MapUrlToZone(Uri uri)
{
    IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager();
    int zoneId;
    if (securityManager.MapUrlToZone(uri.ToString(), out zoneId, 0) < 0)
        return SecurityZone.NoZone;

    return (SecurityZone)zoneId;
}

private const int URLACTION_COOKIES = 0x00001A02;
private const int URLACTION_COOKIES_ENABLED = 0x00001A10;
private const int URLPOLICY_ALLOW = 0x00;
private const int URLPOLICY_DISALLOW = 0x03;
private const int PUAF_DEFAULT = 0x00000000;

public static bool TryAllowCookies(Uri uri)
{
    IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager();
    int policy = 0;
    Guid context = Guid.Empty;
    int hr = securityManager.ProcessUrlAction(uri.ToString(), URLACTION_COOKIES_ENABLED, ref policy, Marshal.SizeOf(policy), ref context, Marshal.SizeOf(context), PUAF_DEFAULT, 0);
    return (hr == 0) && policy == URLPOLICY_ALLOW;
}

    Good luck 🙂

    • 0