Random Cookies Disappear when Different Cookie is Set to Nothing in Internet Explorer 4, 5

ID: Q232907

The information in this article applies to:

Microsoft Internet Information Server version 4.0
Active Server Pages
Microsoft Internet Explorer (Programming) versions 4.0, 4.01, 4.01 SP1, 4.01 SP2, 5.0
Microsoft Windows NT Workstation versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
Microsoft Windows 98

SYMPTOMS

In Active Server Pages (ASP) pages, cookies appear to work, and then suddenly "disappear." This occurs only when viewed with Internet Explorer 4 and 5, not in Internet Explorer 3.

If you loop through the Response.Cookies collection, you may see the name of the missing cookie separated by a semi-colon from the name of a cookie that has been set to an empty string.

CAUSE

Internet Information Server 4/Active Server Pages doesn't handle nameless cookies correctly. Nameless cookies get concatenated before the next cookie name. Consider the following valid cookie headers from the browser:


SomeNamelessValue;
cookie2=ABC;

You cannot get the value of cookie2 using the following:

Request.Cookies("cookie2")

Instead you can get the value ABC using the following:

Request.Cookies("SomeNamelessValue;cookie2")

WORKAROUND

There are two workarounds to this problem:

Expire the cookie.

Set the cookie to some known value that means it is empty, and test for that value in the code, instead of testing for an empty string.

RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

The English version of this fix should have the following file attributes or later:


   Date        Time    Size        File name     Platform
   -------------------------------------------------------------
   5/19/99   2:46PM    321K          Asp.dll     NT/Win98 
   5/19/99   2:43PM     43K      Coadmin.dll     NT/Win98                        
   5/19/99   2:45PM     11K     Ftpctrs2.dll     NT                
   5/19/99   2:45PM     80K      Ftpsvc2.dll     NT/Win98                                                                                                                                                                                                   
   5/19/99   1:55PM     12K        Httpext.h     NT                                                                
   5/19/99   2:44PM     18K     IISadmin.dll     NT/Win98
   5/19/99   2:44PM     62K       IISlog.dll     NT/Win98
   5/19/99   2:44PM     17K     Infoadmn.dll     NT
   5/19/99   2:44PM    181K     Infocomm.dll     NT/Win98
   5/19/99   2:44PM     29K     Iscomlog.dll     NT/Win98
   5/19/99   2:45PM     11K        Iwrps.dll     NT/Win98
   5/19/99   2:43PM     70K     Metadata.dll     NT/Win98
   5/19/99   2:44PM     51K        Nsepm.dll     NT
   5/19/99   2:45PM     15K       W3ctrs.dll     NT
   5/19/99   2:45PM    223K        W3svc.dll     NT/Win98
   5/19/99   2:44PM     86K          Wam.dll     NT/Win98

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871 Determining If You Are Eligible for No-Charge Technical Support

STATUS

Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article.
Microsoft has confirmed this to be a problem in Internet Information Server 4.0.

MORE INFORMATION

This bug has been noticed because of a change in behavior between Internet Explorer 3, and Internet Explorer 4 and 5.

In Internet Explorer 3 you could set a cookie value to nothing using the following:


Response.Cookies("cookie1")=""

The browser would return a cookie header that looked like this:


cookie1=;

However, in Internet Explorer 4 and 5, the equal sign gets dropped and the following cookie header returned to the server:


cookie1;

This is bad behavior on the part of Internet Explorer because a nameless cookie is valid. There is no way for the server to know that this is a valueless name-value pair instead of simply a nameless cookie value.

Additional query words: cookies


Keywords          : kbIE400 kbIE401 kbNTOS400 kbWinOS98 kbIE401sp1 kbIE401sp2 kbNTOS400sp1 kbNTOS400sp2 kbNTOS400sp3 kbNTOS400sp4 kbGrpInet kbIE500 kbIIS 
Version           : WINDOWS:4.0,4.01,4.01 SP1,4.01 SP2,5.0; winnt:4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4
Platform          : WINDOWS winnt 
Issue type        : kbbug

Last Reviewed: July 2, 1999