codepages and cookies

[Mark]

Hi...

I'm a little perplexed. <%@Codepage="65001" %> changes how IIS/ASP will
handle interpreting query string variables - i.e. it will read the
querystring as being utf-8 encoded.

However, I'm finding that it *doesn't* change how Response.Cookies or
Request.Cookies get read/written.

I've been testing with a little jscript asp page with the lines

if (String (Request.QueryString ("abc")) != "undefined")
Response.Cookies("abc") = Request.QueryString ("abc");
Response.Write (Request.QueryString ("abc"));

to take a value from the query string and pass it back out as a cookie. The
test value I was using was r%c3%a9sume (resume with an accented e). When the
code page is set to utf-8, it will properly interpret the urlencoded query as
a utf-8 string. It will output the right bytes with Response.Write.

But watching the headers produced by the request, it comes out encoded in
latin-1.
Set-Cookie: abc=r%E9sume; path=/

I checked the cookie rfc on w3c.org, and oddly it doesn't say much about how
to encode/interpret cookie NAME=VALUEs. The only comment on character set in
the spec is that a cookie *comment* has to be utf-8 encoded.

I couldn't find anything on the MSDN documentation that addressed cookie
character sets either.

Anyone else run into this?

Thanks
_mark

 

[[MSFT]]

Hi Mark,

I build a test smilar to yours but I get different cookies string in
request:

<HTTPHeaders>
<accept>image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*</accept>
<accept-language>zh-cn</accept-language>
<accept-encoding>gzip, deflate</accept-encoding>
<user-agent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR
1.1.4322)</user-agent>
<host>localhost:8080</host>
<connection>Keep-Alive</connection>
<cookie>abc=r%C3%A9sume;
adAuthCookie=2D81B8B6162D1306F42C775C52BBB4E7EF2418D5AA1AA2B05263A4829D294F1
055825F66B9CCA942B2325C5CBE7B3C99E73C24B25CE1014756DCDF6288E4D6BE;
ASPSESSIONIDQAQCBCAT=OLIFHPFAINECBFCBOIBKHDMN</cookie>
</HTTPHeaders>

Currently I am working with Windows server 2003 and IE sp1. Is this same
with you?

Luke

 

[Mark]

Hi Luke...

My posting was reflecting what I saw on W2k.sp4, IIS 5.0,
IE.6.0.sp1+hotfixes. From the headers IIS produced, I got the impression
that IIS/ASP was always encoding cookies with latin 1. I.e. the Set-Cookie:
header coming out was already in latin1, despite the page being in 65001.

When you say you used W2003, I presume that also means IIS 6? I just ran
the same experiment on a similar box, and it seems that this question is
addressed more correctly in the newer version.

Thanks
_mark

 

[[MSFT]]

Hi Mark,

Yes, I am working with IIS 6.0 on Win 2003. I think the difference on
cookie encoding may be related to client's environment. For example, the OS
or locale settings.

Luke

 

[Mark]

Hi Luke...

I beg to differ. I used the same client and client environment to test the
difference between IIS 5.0 and IIS 6.0 on 2003 (plus I watched the actual
Set-Cookie headers each produced), and it appears to be a definite change in
IIS/ASP's handling of cookies and encoding.

The browser just seems to stash the url-encoded string that the host gave
it, and returns it on subsequent requests.

It makes more sense to me the way IIS 6/ASP is handling things - that
cookies should follow the same codepage declaration that the Request and
Response objects do (as well as Server.UrlEncode).

Thanks
_mark

 

[[MSFT]]

Hi Mark,

As I know, Session also has a CodePage property like:

<%@ CodePage="65001" %>
<%

Session.CodePage = 65001
%>

You may try this to see if the cookie's code can be changed.

Also, this article maybe helpful:

#International Active Server Pages
http://msdn.microsoft.com/library/en-us/dnasp/html/nextgen.asp?frame=true

Luke