The JonShaft Cookie Tutorial

Submitted on: 1/5/2015 6:51:00 AM
By: Glenn Cook (from psc cd)  
Level: Beginner
User Rating: By 2 Users
Compatibility: ASP (Active Server Pages), VbScript (browser/client side)
Views: 3383
     This Cookie tutorial is designed for anyone interested in learning how to control a cookie with ASP.


Important Update:
ASP Trencher, Bryant L. from Baarns Consulting, sent me an e-mail recently telling me that  IIS4.0 machines using ASP2.0 do not need the leading "." for defining the domain variable for the cookie, and it works with IE and Netscape!  I tested this out on a local machine of my own and sure enough, it worked perfectly.  I haven't updated the cookie-code you'll see below to reflect that because not everyone is using that exact configuration, but as ASP and IIS improve so will these little headaches.  Thanks, Bryant.

How it Works:
Green = Server-side ASP code
Purple= HTML Code
Black= Visible HTML Text
Red= My Comments

<% If Request.Cookies("JonShaft").HasKeys Then %>

A Jon Shaft Cookie. It's cheesy!</TITLE>


' This  is my " if then" where I find out if the user already has the JonShaft Cookie on their system.  The HasKeys attribute is real handy for checking cookies which have multiple values associated with them- those values are referred to as Keys by ASP.  This cookie says, if they've got the cookie, execute the next statement.


Welcome Back, <%Response.Write (Request.Cookies("JonShaft")("FirstName"))%>&#32

'This  line basically says, "OK, they've got the cookie, let's Request the cookie's keys/info and write them to the page."  The Response Object allows me to spit information to the user, the Request Object allows me to extract it from the user.  Basically what we've done is said, "Check for cookie(Request), extract cookie(Request), write cookie to page(Response)"
**The &#32 tells HTML to enter a space**




Else If "BadMutha" = Request("ActionType") Then

'The "Else in the first line says,"Ok, the "If-Then" wasn't true....But there's more ahead!"
'This section is for the form input and it creates the cookie.  You see, this single page of code serves three functions: It's for people who've been here before, people who haven't, and it makes a cookie for the people based on their form input.  You'll notice that just after the FORM METHOD html I have some ASP code which actually asks for it's own name so it can post to itself!

The "If-Then" statement checks to see if the user sent a form with the name "ActionType" which has the value equal to "BadMutha"!
It also makes two variables based on the user input to stick into the JonShaft cookie.  I call the variables TheFirstName and TheLastName appropriately.



Response.Cookies("JonShaft")("FirstName") = TheFirstName
Response.Cookies("JonShaft")("LastName") = TheLastName
Response.Cookies("JonShaft").Expires = #September 3, 2001#
Response.Cookies("JonShaft").Domain=  &_ ""

Response.Cookies("JonShaft").Path = "/glenncook"
Response.Write "Thanks for your submission, "
'The Response Object is your cookie writing friend! This code actually writes the cookie to the client's system.  You'll notice that I make the The FirstName key equal to the "TheFirstName" variable which I extracted from the Request("FirstName") Querystring from the input form.(Whoooo! That was a mouthful!)

Then I tell the cookie when to expire, the domain that it should be sent to, and the path within the domain.  But the secret recipe is that little period in the domain=""  Actually without that little period, no cookie!  Charles Carol helped me on this little issue which drove me nuts.   MAKE SURE THE DOT IS THERE! Also make sure the path is EXACTLY as I wrote it.


<%Else%> 'The "Else" code here basically says," Ok, they don't have the cookie and they didn't send any form information, send them the following code!


<FORM METHOD=POST ACTION="<%=Request.ServerVariables("SCRIPT_NAME")%>">
<input type="hidden" name="ActionType" value="BadMutha">

You must be new around here. Gimme your name?!<p>
FIRST NAME:<input type="text" name="FirstName" size="15"><br>
LAST NAME:&#32<input type="text" name="LastName" size="15"><p>

<input type="reset" value="Clear Form">
<input TYPE="submit" VALUE="Submit Info!">

<%End If%>
<%End If%>
'This section is your HTML input form for the new visitor!  You'll notice that I stuck a hidden input box in there.  Well basically  that's so I can get "Bad Mutha" as the Action Type but is very effective for passing stuff that the user doesn't need to see.

I also extract the name of this asp page -which I mentioned above- using the Request.ServerVariables object.  Remember: If you need some information in ASP pages, just "Request" it.

Finally, don't forget to End your If!

Some tips and suggestions!
  • One of the most useful things I've seen cookies used for is with Human Resource type applications where the basic user information is stored as a cookie.  That way everytime they go to access a form to make changes they don't have to re-type the form input information.  Remember, DO NOT store sensitive information in a cookie.
  • If you are rewriting any cookie information back to an existing cookie you need to update all of the cooky's information (e.g. "path", "domain", "expiration date" etc.)


  • Although a cookie might be useful for "extra" authentication, it should never be used for secure authentication purposes. Check out Kevin Flicks site for some great info on authentication methods and security considerations.
    Internet Explorer likes the domain info like "" where Netscape likes it like "".  (My cookie is written for Explorer.)
  • Cookies are finicky.  Any little mistake will have you pulling your hair out for hours.


Other 7 submission(s) by this author


Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Beginner category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)

Other User Comments

 There are no comments on this submission.

Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)

To post feedback, first please login.