BUG: XMLHTTP Fails to Send Cookies from a Client

Symptoms

The MSXML2.XMLHTTP object does not use cookies per se, but you can use it to send your own cookies from a client to a server. When you use the MSXML2.XMLHTTP object to send your cookies from a client, you may find that your cookies are empty when they arrive at the server.

NOTE: Usually a server sends and receives cookies. In this case, you may be submitting cookies from a client so that you do not have to reauthenticate the client.

Resolution

To work around this problem, invoke the setRequestHeader method twice for the cookie.

Status

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

More Information

Steps to Reproduce Behavior

  1. Create the Windows script to send the cookie:
    1. Create a new text file by using Windows Notepad or another text editor.
    2. Paste the following code into the text file:
      Dim http 
      set http = WScript.CreateObject("MSXML2.XMLHTTP")
      http.open "GET", "http://localhost/user.asp", false
      http.setRequestHeader "Cookie", "cookietest=testvalue"
      'http.setRequestHeader "Cookie", "cookietest=testvalue"
      http.send
      WScript.Echo http.status
      WScript.Echo http.responseText
    3. Save the text file as Cookie.vbs in a folder of your choice.
  2. Create the Active Server Pages (ASP) page to receive and return the cookie:
    1. Create a new text file by using Windows Notepad or another text editor.
    2. Paste the following code into the text file:
      <%
      Response.Write "Cookie: " & CStr(Request.ServerVariables("HTTP_COOKIE"))
      %>
    3. Save the text file as User.asp in the C:\InetPub\WWWRoot folder or another physical path that corresponds to the home folder of your default Web site.
  3. At a command prompt, type the following to execute the Visual Basic Scripting Edition (VBS) script by using the Windows Scripting Host. Change the location of the file to refer to the folder where you saved the Cookie.vbs file:wscript c:\cookie.vbs

    The cookie string that is returned is empty.
  4. In the file Cookie.vbs, uncomment the following line:
    'http.setRequestHeader "Cookie", "cookietest=testvalue"
  5. Save Cookie.vbs.
  6. Again run Cookie.vbs by using the following:
    wscript c:\cookie.vbs
    Note that the cookie is returned successfully.
Eigenschaften

Artikelnummer: 290899 – Letzte Überarbeitung: 22.06.2014 – Revision: 1

Feedback