AuthManager::SetProperty Always Sets Ticket in Cookie Regardless of Browser Settings (310960)


The information in this article applies to:

  • Microsoft Commerce Server 2000
This article was previously published under Q310960

SYMPTOMS

When AuthManager::SetProperty is called, it sets a ticket in the cookie and in the URL even if SetProfileTicket or SetAuthTicket was called with CookieSupport = False. In other words, the AuthTicket cookie is always sent to the client browser even if cookies are not enabled.

CAUSE

AuthManager::SetProperty does not check if the browser is set to support cookies. SetProperty should set the ticket in a cookie if cookies are supported and enabled in the browser, otherwise, it should set the ticket in the URL.

RESOLUTION

To resolve this problem, obtain the latest service pack for Commerce Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

297216 INFO: How to Obtain the Latest Commerce Server 2000 Service Pack

STATUS

Microsoft has confirmed that this is a problem in Microsoft Commerce Server 2000. This problem was first corrected in Commerce Server 2000 Service Pack 2.

MORE INFORMATION

The following is an ASP code example of how to correctly use SetProfileTicket: 


<!-- #include file="include/std_access_lib.asp" -->
<!-- #INCLUDE FILE="include/std_cookie_lib.asp" -->
<!-- #INCLUDE FILE="include/setupenv.asp" -->
<!-- #INCLUDE FILE="include/std_url_lib.asp" -->
<!-- #INCLUDE FILE="include/std_profile_lib.asp" -->
<!-- #INCLUDE FILE="include/std_util_lib.asp" -->

<%
Const enumMSCS_ProfileTicketType = 1

Sub Main()
	Dim sUserID
	
	If Not IsNull(mscsAuthMgr.GetUserID(GUEST_TICKET)) Then
		Response.Write "<BR>GUEST_USER"
		sUserID = mscsAuthMgr.GetUserID(GUEST_TICKET)
	Else
		Response.Write "<BR>ANON_USER"
		sUserID = "JoeUser@microsoft.com"
		Call mscsAuthMgr.SetProfileTicket(sUserID, WRITE_TICKET_TO_URL)
		
		'*** When the property below is uncommented, the user is not recognized 
		'*** as a guest when they return to this page via the hyperlink
		Call mscsAuthMgr.SetProperty(enumMSCS_ProfileTicketType, "sex", "male")
	End If
End Sub
%>

<HTML>
<BODY>
  <%Response.Write "<A HREF=" & mscsAuthMgr.GetURL("ProfileTicketTest.asp", False, False, Array(), Array()) & ">click</A>"%>
</BODY>
</HTML>


Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. This article assumes that you are familiar with the programming language being demonstrated and the tools used to create and debug procedures. Microsoft support professionals can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific needs. If you have limited programming experience, you may want to contact a Microsoft Certified Partner or the Microsoft fee-based consulting line at (800) 936-5200. For more information about Microsoft Certified Partners, please visit the following Microsoft Web site:

http://www.microsoft.com/partner/referral/

For more information about the support options that are available and about how to contact Microsoft, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

Modification Type:MajorLast Reviewed:6/23/2005
Keywords:kbbug kbfix KB310960
©2004 Microsoft Corporation. All rights reserved.