views:

53

answers:

1

I need to detect if a request cookie - value is different from a response cookie - value.

Its not as easy as:

if(cookiesArePresent)
{
    bool isDifferent = HttpContext.Current.Response.Cookies[".ASPXANONYMOUS"].value == HttpContext.Current.Response.Cookies[".ASPXANONYMOUS"].value;
}

But I read that changing the Response.Cookies changes the Request.Cookies. That would mean they are always the same if HttpContext.Current.Response.Cookies[".ASPXANONYMOUS"] was changed. Is there an easy way around this?

http://chance.lindseydev.com/2009/04/aspnet-httprequestcookies-and.html

+1  A: 

If you use Reflector to examing System.Web.Security.AnonymousIdentificationModule, you can see that the anonymous cookie is only read/written in PostAuthenticateRequest.

So, if you suspect something is wonky, write a simple HttpModule that reads the cookie during AuthenticateRequest and compare it to the value you get in AuthorizeRequest.

For more information about the request lifecycle see Exploring Web.config - system.web/httpModules by yours truly.

Sky Sanders