I tried using wwHTTPHeader.

*	set session cookie
loHeader.DefaultHeader()
loHeader.AddCookie("TestCookie", Process.icLicensePlate, "/", "NEVER")
loHeader.CompleteHeader()

... but that always got me an expired header.

I tried using addheader, but that didn't work.

I'm on WC 5.351.

Thanks.

Not sure what you're saying. The code you're showing is old Server code, not code with wwhttp.

If you're doing this on the server with a recent version of Web Connection, use Response.AddCookie().

+++ Rick ---

Hi Rick,

The wwhttp call is to obtain a report (which needs the cookie) and the response class is used to send the report to the user.

Ok. The wwHttpHeader class has long been obsoleted.

Use Response.AddCookie() to send Cookies to the client.

wwHttpHeader applies only if you're using pre-5.x versions of Web Connection or haven't updated to the newer response classes.

+++ Rick ---

Rick, thanks for the prompt reply.

We already use the response class for cookies. I'm very familiar with that. I've sub-classed it to add secure, http-only and same-site cookies.

I need to add a cookie to the wwHttp call that is used to obtain the report. After I obtain the report I use the response class to serve content to the user.

The wwHttp class doesn't have native cookie support, and I don't want to go to a lot of work to add a cookie container to mimic that of the response class.

So is there a way to hack together a cookie with custom headers to use with the wwHttp class?

Thanks.

loHttp = CREATEOBJECT("wwHttp")
...
loHttp.Addheader("Cookie","Cookiename=value;Cookie2=value;_ga=GA1.1.1604208117.1439881907")

I'm not sure offhand what the cookie string looks like but just use Fiddler or other tool and look at what the browser sends and use that.

+++ Rick ---

I think I tried that and it didn't work. I know I most recently tried "set-cookie" and that didn't work either.

I'm off work now. I'll play with it more on Monday and let you know.

Thanks again Rick!

Use whatever you see a browser sending. But the syntax I show is correct. Client syntax is VERY different than server syntax for cookies and you can't set a cookie from the client. The client syntax is much simpler and involves simple key value pairs.

But the server has to set it first, then the client can keep re-sending the cookie back to the server. The server has to still understand the cookie.

The way it works is:

• Server sets cookie
• Client picks up cookie and saves it
• On subsequent requests browser sends saved cookie

IOW, cookies require both client and server interaction in order to work properly.

+++ Rick ---

Thanks Rick,

Lots of good info, unfortunately I can't get it to work.

I should be able to post a form and the cookie to an aspx page, correct?

If I use AddHeader('Cookie', ... I can see it in the headers in FoxPro, but Fiddler2 will display every header except the cookie.

HEADERS in FoxPro:

Content-Type: application/x-www-form-urlencoded
Cookie: iclp07254Z10JXT7R4Z10JXT7S=4Z10JXT7M15860; Path=/; Domain=<deleted>.com
Accept-Encoding: gzip
Content-Length: 3134

FIDDLER2:

Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Content-Length: 3134

Fiddler is showing all my other cookies and headers.

If I use anything except 'Cookie' for the header name, I can see it in Fiddler2.

I created an aspx page using this code to read the cookie value:

string cCookieName = "iclp" + Request.QueryString["ICIN"];
Response.Write("cookie name: " + cCookieName);

if (Request.Cookies[cCookieName] != null)
{
	HttpCookie cCookieValue = Request.Cookies[cCookieName];
	Response.Write(" cookie value: " + cCookieValue.Value);
}else{
	Response.Write(" cookie value: null");
}

It works when linked to my website, but when I use the wwhttp class, the cookie value is null.

Is there some handling of a Cookie header already in place in your dll, that's blocking the Cookie header?

Thanks.

Never mind. I think this will never work using the wwhttp class.

I need to create the cookie on the aspx page that sends the report to me.

Again, Rick, thanks for your input.

That's because the cookie you're sending is invalid. A client side cookie doesn't have all the path variables etc.

Client Cookies != Server Cookies

Client Cookies are basically in this format:

Cookie: cookieParm1=value;cookieParm2=value;

You're adding all the server stuff to it and that makes the cookie invalid.

You can use client side HTTP cookies after they have been created on the server. IOW, something has to create the cookie on the server in order to get the right ID that maps to a session or whatever that cookie is supposed to do.

A client side cookie can't create a cookie on the server. It always starts on the server and the client can then re-send the initially generated cookie.

So it usually works like this:

• Server: Generates cookie
• Client: Reads cookie and saves it for later reuse
• Client: Writes cookie to server as part of request
• Server: Reconnects cookie to server data
• Server: Returns data to client (no cookie sent)

+++ Rick ---

+++ Rick ---