PRB: ASP.NET Does Not Encode Cookies in UrlEncode Format by Default (313282)


The information in this article applies to:

  • Microsoft ASP.NET (included with the .NET Framework 1.1)
  • Microsoft ASP.NET (included with the .NET Framework) 1.0
This article was previously published under Q313282

SYMPTOMS

When you develop ASP.NET applications that share cookies between earlier versions of Microsoft Active Server Pages (ASP) and ASP.NET code, the data may not be encoded or unencoded as expected.

CAUSE

In earlier versions of Microsoft Active Server Pages (ASP), cookies are encoded in UrlEncode format when they are written, and cookies are unencoded when they are read. However, ASP.NET does not encode or unencode cookies in UrlEncode format by default. As a result, you may encounter unexpected behavior in ASP.NET applications.

MORE INFORMATION

Steps to Reproduce the Behavior

  1. In an earlier version of ASP, create a new ASP page, and then add the following code:
    <%@ Language="VBScript"%>
<%
    Response.Cookies("MyCookie") = "some value and other characters such as #, $, and so on"
    Response.Cookies("MyCookie").Path = "/"
    Response.Write(Request.Cookies("MyCookie"))
%>
<body>
<form id="Form1" method="post" action="CookieTest.aspx">
    <input type="submit" value="Click Me" ID="Submit1" NAME="Submit1">
</form>
</body>
  2. Create a new .aspx page named CookieTest.aspx in the same project or application.
  3. Add the following code to the .aspx page:
    <script runat="server" language="vb">
    sub Page_Load()
        Response.Write("Hello from CookieTest.aspx ...<br>")
        Response.Write(Request.Cookies("MyCookie").Value() + "<br>")
    end sub
</script>
  4. Run the ASP page first. Take note of the output.
  5. Click Submit1 to browse to CookieTest.aspx. Notice that the output is encoded in UrlEncode format. This occurs because the ASP code from the previous page sets the cookie's data.
  6. To decode the data that is retrieved from the cookie, use the following syntax:
    Response.Write(Server.UrlDecode(Request.Cookies("MyCookie").Value()))

REFERENCES

For additional information about ASP.NET articles and resources, click the article number below to view the article in the Microsoft Knowledge Base:

305140 INFO: ASP.NET Roadmap

For additional information about state management in ASP.NET, click the article number below to view the article in the Microsoft Knowledge Base:

307598 INFO: ASP.NET State Management Overview

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

302390 HOW TO: Use Cookies in an ASP Page

For more information, refer to the following Microsoft Web sites:

HttpServerUtility.UrlEncode Method
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpServerUtilityClassUrlEncodeTopic.asp

HttpServerUtility.UrlDecode Method
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpServerUtilityClassUrlDecodeTopic.asp

HttpCookie Class
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpCookieClassTopic.asp

HttpResponse.Cookies Property
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpResponseClassCookiesTopic.asp

HttpRequest.Cookies Property
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpRequestClassCookiesTopic.asp

Modification Type:MinorLast Reviewed:6/23/2003
Keywords:kbCookie kbprb kbState KB313282
©2003 Microsoft Corporation. All rights reserved.