The JonShaft Cookie Tutorial
||1/5/2015 6:51:00 AM
Glenn Cook (from psc cd)
By 2 Users
||ASP (Active Server Pages), VbScript (browser/client side)
This Cookie tutorial is designed for anyone interested in learning how to control a cookie with ASP.
ASP Trencher, Bryant L. from Baarns
Consulting, sent me an e-mail recently telling me that IIS4.0 machines
using ASP2.0 do not need the leading "." for defining the domain
variable for the cookie, and it works with IE and Netscape! I tested this
out on a local machine of my own and sure enough, it worked perfectly. I
haven't updated the cookie-code you'll see below to reflect that because not
everyone is using that exact configuration, but as ASP and IIS improve so will
these little headaches. Thanks, Bryant.
How it Works:
Green = Server-side ASP code
Purple= HTML Code
Black= Visible HTML Text
Red= My Comments
If Request.Cookies("JonShaft").HasKeys Then %>
<TITLE>A Jon Shaft Cookie. It's cheesy!</TITLE>
This is my " if then" where I find out if the user
already has the JonShaft Cookie on their system. The HasKeys
attribute is real handy for checking cookies which have multiple values
associated with them- those values are referred to as Keys by ASP.
This cookie says, if they've got the cookie, execute the next statement.
Welcome Back, <%Response.Write
line basically says, "OK, they've got the cookie, let's Request the
cookie's keys/info and write them to the page." The Response
Object allows me to spit information to the user, the Request Object
allows me to extract it from the user. Basically what we've done
is said, "Check for cookie(Request), extract cookie(Request), write
cookie to page(Response)"
**The   tells HTML to enter a space**
Else If "BadMutha" = Request("ActionType") Then
"Else in the first line says,"Ok, the "If-Then"
wasn't true....But there's more ahead!"
'This section is for the form
input and it creates the cookie. You see, this single page of code
serves three functions: It's for people who've been here before, people
who haven't, and it makes a cookie for the people based on their form
input. You'll notice that just after the FORM METHOD html I have
some ASP code which actually asks for it's own name so it can post to
The "If-Then" statement checks to see if the user
sent a form with the name "ActionType" which has the value
equal to "BadMutha"!
It also makes two variables based on the user input to
stick into the JonShaft cookie. I call the variables TheFirstName
and TheLastName appropriately.
Response.Cookies("JonShaft").Expires = #September 3,
Response.Cookies("JonShaft").Domain= &_ ".www.activeserverpages.com"
Response.Cookies("JonShaft").Path = "/glenncook"
Response.Write "Thanks for your submission, "
Response Object is your cookie writing friend! This code actually writes
the cookie to the client's system. You'll notice that I make the
The FirstName key equal to the "TheFirstName" variable which I
extracted from the Request("FirstName") Querystring from the
input form.(Whoooo! That was a mouthful!)
Then I tell the cookie when
to expire, the domain that it should be sent to, and the path within the
domain. But the secret recipe is that little period in the
domain=".www.activeserverpages.com" Actually without
that little period, no cookie! Charles Carol helped me on this
little issue which drove me nuts. MAKE SURE THE DOT IS THERE!
Also make sure the path is EXACTLY as I wrote it.
"Else" code here basically says," Ok, they don't have the
cookie and they didn't send any form information, send them the
<input type="hidden" name="ActionType"
You must be new around here. Gimme your name?!<p>
FIRST NAME:<input type="text"
LAST NAME: <input type="text"
<input type="reset" value="Clear
<input TYPE="submit" VALUE="Submit Info!">
section is your HTML input form for the new visitor! You'll notice
that I stuck a hidden input box in there. Well basically
that's so I can get "Bad Mutha" as the Action Type but is very
effective for passing stuff that the user doesn't need to see.
I also extract the name of
this asp page -which I mentioned above- using the
Request.ServerVariables object. Remember: If you need some
information in ASP pages, just "Request" it.
Finally, don't forget to
End your If!
tips and suggestions!
- One of the most useful
things I've seen cookies used for is with Human Resource type
applications where the basic user information is stored as a cookie.
That way everytime they go to access a form to make changes they
don't have to re-type the form input information. Remember, DO
NOT store sensitive information in a cookie.
- If you are rewriting
any cookie information back to an existing cookie you need to update
all of the cooky's information (e.g. "path",
"domain", "expiration date" etc.)
- Although a cookie
might be useful for "extra" authentication, it should
never be used for secure authentication purposes. Check out Kevin
Flicks site for some great info on authentication methods and
Internet Explorer likes the domain info like ".www.domain.com"
where Netscape likes it like ".domain.com". (My
cookie is written for Explorer.)
- Cookies are finicky.
Any little mistake will have you pulling your hair out for hours.
Other 7 submission(s) by this author
Report Bad Submission
Other User Comments
There are no comments on this submission.
Add Your Feedback
Your feedback will be posted below and an email sent to
the author. Please remember that the author was kind enough to
share this with you, so any criticisms must be stated politely, or they
will be deleted. (For feedback not related to this particular article, please
click here instead.)
To post feedback, first please login.