If I disable JavaScript and cookies, Amazon.com detects that cookies are disabled without a redirect. If you click the cart link, there's only a GET on the cart page.

I'm guessing Amazon.com is most likely not using ASP.NET, but how would you accomplish detecting disabled cookies using ASP.NET without the use of JavaScript and redirecting? Is it possible to detect if cookies are disabled in one round trip?

A: 

I guess it may load the page in the JavaScript / cookies off configuration and then use JavaScript to do the check and set functionality to cookies enabled if needed.

Paul Hadfield
A: 

Could you set a Cookie in Page_Init for instance, then see if you could read from it in Page_PreRender?

Not sure that's even possible, but that's the only way I could think of.

Jack Marchetti
I'm afraid that wouldn't work, as both of those methods are server side in the same request. So it wouldn't tell you if the client had either JavaScript or cookies disabled.
Paul Hadfield
+1  A: 

I believe what you're describing is impossible. Amazon doesn't appear to do that. As proof:

  1. Disable JavaScript
  2. Clear your cookies (but leave them enabled)
  3. Go here: http://www.amazon.com/gp/cart/view.html/ref=gno_cart

You'll get the message "Please Enable Cookies in your Web Browser to Continue." But if you reload the page, the message will go away, because cookies got set on the first viewing.

The reason this doesn't work is that when a page response sets cookies, the server can't tell they've been properly set until the next request. You can get around that using JavaScript, of course, but without that there's no way for the server to know in advance whether a request comes from a browser that will accept cookies.

William Pietri
Tricky, not impossible. You usually have more than one request per page render (think all the HTTP referenced content).
qdot
I understand why your steps work, but in FF and IE, if I disable JavaScript and cookies and add any item to the cart (and I tried this with a variety of items), only a single POST is traced. It is: POST /gp/product/handle-buy-box/ref=dp_start-bbf_1_glance. Maybe the debuggers/proxies are not intercepting a GET/POST?
Steve
@qdot: Yes, you're correct, you can do it with an iframe, just as long as you do everything that matters in that iframe, and the iframes are uniquely coded so you can tell requests apart. But Amazon's not up to anything like that.
William Pietri
@Steve: I just tried my steps with the add-to-cart post, and it's the same deal. Leave JS off and cookies on but cleared. Then click the "add to cart" button. One post happens, and they (incorrectly) tell you your cookies are disabled because they don't see any incoming cookies.
William Pietri
I think it always boils down to the meaning of the url. One neat trick would be to have your website be hosted under 'http://example.com/SESSIONID/your-regular-directory-structure', with all relative links. Server strips SESSIONID from the URL for static files, and processes it for dynamic ones.
qdot
+2  A: 

You don't need a redirect to get at the cookies. All you need is delayed-load content.

Basically, I believe the following would work:

The 'GET /index.html' response sets the Cookies (they come in the header, and are stored before index.html is received and rendered).

You can then check for cookies while serving, say, 'GET /TinyImage.gif', if you don't run into caching problems and respond to images dynamically.

So, the final problem is how do you inform the user about your findings from the TinyImage request? Definitely not easily, but if you use IFrame instead of a simple tag, you can essentially have two GET requests for a single page render.

Or, you can be really, really insane and actually stall the first GET until the second GET confirms the browser settings. This is for some HTTP wizards, but if you can wrap your head around Comet (not AJAX, Comet!), it can come in handy.

It's definitely possible, just tricky. Would I try doing so in ASP.NET? Can't promise anything but it will be a neat thing to share.

qdot
Well, the problem with "GET /TinyImage.gif" is that you can't be sure the request came from the same browser. With no cookies to correlate sessions, you'd have to do a unique gif, or a unique iframe target. And you'd have to do it with each stateful pageview, which would complicate all your rendering. Practically, though, I think Steve is better off doing what Amazon (and everybody else) does: if there's a state-changing request (which should always be a POST), check for the appropriate cookies; if they don't have them, tell them to turn cookies back on.
William Pietri
You've raised an important point - yes, it *might* complicate rendering. Why am I saying might? What I'm using in my code (C#, StringTemplate, SubSonic) is generating random GUIDs for each and every pageview. They are included in each and every outgoing link. Simple, and effective, the only drawback being that it nukes any meaningful caches. Or is it a feature? :)
qdot
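
The iframe approach from the last answer, combined with the unique per-pageview target raised in its comments, as an added example that is not part of any post above. It is written in Python rather than ASP.NET because the technique is plain HTTP; the cookie name, the `/probe/` path and the `render` browser stand-in are hypothetical and constructed for illustration.

```python
import re
import secrets
from http.cookies import SimpleCookie

PROBE_COOKIE = "cookie_probe"   # hypothetical cookie name
NO_COOKIES = "Please enable cookies in your web browser to continue."

class ProbeServer:
    """Page + iframe probe: two GETs per render, no redirect, no JavaScript."""

    def __init__(self):
        self.pending = set()    # probe tokens issued but not yet requested

    def handle(self, path, cookie_header=""):
        """Return (headers, body) for a GET request."""
        has_cookie = PROBE_COOKIE in SimpleCookie(cookie_header)
        headers = [("Cache-Control", "no-store")]   # probes must never be cached
        if path == "/index.html":
            if has_cookie:                          # cookies already known to work
                return headers, "<h1>Shop</h1>"
            token = secrets.token_urlsafe(16)       # unique target per page view
            self.pending.add(token)
            headers.append(("Set-Cookie",
                            f"{PROBE_COOKIE}=1; Path=/; HttpOnly; SameSite=Lax"))
            return headers, f'<h1>Shop</h1><iframe src="/probe/{token}"></iframe>'
        if path.startswith("/probe/"):
            token = path[len("/probe/"):]
            if token not in self.pending:           # unknown or replayed token
                return headers, ""
            self.pending.discard(token)             # single use
            return headers, "" if has_cookie else NO_COOKIES
        return headers, "not found"

def render(server, accept_cookies):
    """Constructed stand-in for a browser: fetch the page, then its iframe."""
    jar = SimpleCookie()
    headers, page = server.handle("/index.html")
    if accept_cookies:
        for name, value in headers:
            if name == "Set-Cookie":
                jar.load(value.split(";", 1)[0])    # keep only name=value
    cookie_header = "; ".join(f"{k}={m.value}" for k, m in jar.items())
    src = re.search(r'<iframe src="([^"]+)"', page).group(1)
    _, frame = server.handle(src, cookie_header)
    return src, frame
```

The probe token only correlates the two requests of one page view; it is random, single-use and carries no session state, so it should not be reused as a session identifier.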