Not able to simulate blocking cookies for ASP.Net app

[Greg Livengood]

I need to test my ASP.net web application for the case that the client
browser doesn't support cookies or for the case that cookies are
turned off on the client browswer.
What is odd is that when I go to the IE (6.0) Tools | Internet
Options | Privacy Tab and select "Block All Cookies" level the
following still returns true in my Page_Load
Request.Browser.Cookies
This plus the fact that the client side javascript and my ASP.Net
application both read and write cookies baffles me. What am I not
doing correctly to disable cookies in my client browser to simulate
the no cookies condition?

Thanks for your help in advance,
--Greg

 

[Jacob Yang [MSFT]]

Hi Greg,

Based on my research and experience, I would like to share the following
information with you.

Firstly, the privacy settings only affect Web sites in the Internet zone.
If we are testing against the web sites that are located in local intranet
zone, for example, the localhost, the privacy setting will not affect in
such case. To disallow cookies in local intranet zone, we should set the
security level in this zone to high (The default security level for the
Local intranet zone is Medium, therefore, Internet Explorer will allow all
cookies from Web sites in this zone to be saved on our computer and read by
the Web site that created them.)

Secondly, when we change your privacy settings, the changes might not
affect cookies that are already on our computer. If we want to ensure that
all of the cookies on our computer meet our privacy settings, we should
delete all of the existing cookies on our computer. When we return to Web
sites that previously had saved cookies on our computer, the Web sites that
meet our privacy settings will save cookies on our computer again. The Web
sites that do not meet our privacy settings will not be allowed to save
cookies on our computer, and might not function properly.

Does it answer your question? If I have misunderstood your concern, please
feel free to let me know.

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

 

[John Saunders]

I need to test my ASP.net web application for the case that the client
browser doesn't support cookies or for the case that cookies are
turned off on the client browswer.
What is odd is that when I go to the IE (6.0) Tools | Internet
Options | Privacy Tab and select "Block All Cookies" level the
following still returns true in my Page_Load
Request.Browser.Cookies
This plus the fact that the client side javascript and my ASP.Net
application both read and write cookies baffles me. What am I not
doing correctly to disable cookies in my client browser to simulate
the no cookies condition?

Request.Browser.Cookies only tells you whether the browser supports cookies.
For example, it tells you that Internet Explorer supports cookies.

It does not say whether a particular cookie, if sent to the client, would be
returned to your server code. If you want to know that, you'll have to send
a cookie to the client, then redirect to a page which will determine whether
the cookie you sent to the client has been received by the server. I usually
put something unique into the cookie so I can be sure I got the cookie I
sent today, not a cookie I sent last week.