Login

Consultor Eletrônico



Kbase 17771: How to debug Cookie problems
Autor   Progress Software Corporation - Progress
Acesso   Público
Publicação   11/3/2008
Status: Verified

GOAL:

How to debug Cookie problems

FIX:

Cookies sometimes can become lost or not recognized as being set by the browser in the following two scenarios:

- In the HTTP return.
(for example, the WebSpeed agent does not send the cookie back.)

- In the subsequent browser request.
(for example, the browser does not recognize that it needs to send the cookie to the Web server.)

The browser sends the cookies only if it thinks that a URL that is requested matches the filters that are stored for the cookie (the "domain", "path", "expiration date", etc.).

The syntax for set-cookie is:

set-cookie (cookie-name, cookie-value, exp-date, exp-time, path, domain, secure).

exp-date - Expiration date (local) or ? for cookie to terminate when the browser session ends.

exp-time - Expiration time (local) or ? for cookie to terminate when the browser sessions ends.

path - The URL path to which the cookie should apply.

If ? is specified, the value of the DefaultCookiePath configuration option is used and if not set, the value of the AppURL global variable is used.

domain - The domain to which the cookie should apply.

If ? is specified, the value of the DefaultCookieDomain configuration option is used and if not set, the domain option is not set on the cookie, in which case the current hostname of the Web server is used by the Web browser.

secure - If specified, the word "secure" must be used.

Here, the cookie is passed back by the browser only over a secure (SSL) connection. If ? is specified, the cookie is sent over un-secure connections as well.

Typical problems with this model are as follows:

- The domain (for example, "cranberry" or "172.23.012.4").

If you use any sort of proxies or funny names, there can be a problem because the browser does not realize that it is going back to the same spot.
To test this, specify the IP Address and Port as part of the URL. That is, go to:

http://172.23.04.4:80/cgi-bin/cgiip.exe/test.r

- "Secure" is set when it shouldn't be, consequently the browser does not return any cookies.

To test this, specify NOT SECURE for the path in the set-cookie ("testcookie", "this is the value", today + 1,?,"/",?,FALSE).

- The path is confused.

Often this occurs with WService messengers because the "=" sign messes up the URL.

To test this, specify "/" for the path in the set-cookie ("testcookie", "this is the value", today + 1,?,"/",?,?).

- The Date/Time used by the browser is "wrong" so the browser thinks the cookie is expired.

To test this, do not specify the expire date set-cookie ("testcookie", "this is the value",?,?,?,?,?).