Here, There, and Back Again: Maintaining State Across Domains

Sidebar: Debugging cookies and redirects

The techniques here rely heavily on cookies and redirects. Either one can be tricky to debug, especially since all the action takes place behind the scenes, usually without direct feedback to the browser. Here are three ideas that may make your life a little easier.

Prompt for Cookies
First, simply set your browser to prompt you for cookies rather than automatically accepting or rejecting them. Any cookie manager will do that. In Internet Explorer, click on Tools -> Internet Options, click on the Security tab and then choose Custom Level. Under "Cookies" set both options to "Prompt". Once set, you’ll be prompted at every cookie-write attempt. Use the Details of the cookie, such as domain, name, expiration date and actual value, to debug your process.

Create a Cookie Display Page
Second, create a simple cookie-read page that spits out the values. If you’re using multiple subdomains, make a page on each. Another page to expire the cookie is also quite helpful. Here’s a simple example of a displaycookie.asp page I use to view or clear the cookie I’m creating:

   <html>
   <head>
   <title>Display Cookie</title>
   </head>
   <body>
   <h1>Display Cookie</h1>
   CustomerID=*<%=Request.Cookies("MainCookie")("CustomerID")%>*<br>
   UserName=*<%=Request.Cookies("MainCookie")("UserName")%>*<br>
   Status=*<%=Request.Cookies("MainCookie")("Status")%>*<br>
   <br><br>
   <a href="cookiedisplay.asp">Display Cookie</a><br>
   <a href="expirecookie.asp">Expire Cookie</a><br><br>
   </body>
   </html>

Here’s what expirecookie.asp looks like:

   <html>
   <head>
   <title>Expire Cookie</title>
   </head>
   <body>
   <h1>Expire Cookie</h1>
   <%
   Response.Cookies("MainCookie").domain = "mycompany.com"
   Response.Cookies("MainCookie").Expires=NOW()
   %>
   Cookie wiped.
   <br><br>
   <a href="cookiedisplay.asp">Display Cookie</a><br>
   <a href="expirecookie.asp">Expire Cookie</a><br><br>
   </body>
   </html>

Add a Debug Variable
Third, when in doubt, add a "Debug" variable. The hardest part of a complex app is when you’re trying to debug redirects. Having a series of redirects can send you spiraling off like Darth Vader at the end of Star Wars. When you have a decision tree that traverses multiple pages, add a Debug cookie to your collection and append it at every logic branch. Here’s an example:

   Response.Cookies("MainCookie").Domain = "mycompany.com"
   If Request("CustomerID") = "" then
      Response.Cookies("MainCookie")("Debug") = _
      Request.Cookies("MainCookie")("Debug") & _
      "; no CustomerID...redirecting to signin.asp"
      Response.Redirect("signin.asp")
   Else
      Response.Cookies("MainCookie")("Debug") = _
      Request.Cookies("MainCookie")("Debug") & "; CustomerID found"
     '[Do other stuff here]
   End If

Then, to check the results, add a line to the cookiedisplay.asp page described above, something like:

   Debug=*<%=Request.Cookies("MainCookie")("Debug")%>*<br>

(If you’re wondering about the asterisks, I use them to distinguish spaces from empty strings.)

By doing this, you can execute a series of redirects and other processes, and then go to your cookiedisplay page and see what just happened. The code continually appends new values without writing over your previous values. Whenever you need a sanity check, just drop this line in and check your results. Don’t forget to comment it out when you’re done.

— JW