Nasty IIS/ASP Querystring Cookie Case Bug
Friday, February 29th, 2008I just stumbled on a nasty, nasty ASP bug that took about 7 years for me to see.
The problem happens when using cookies and querystrings with the same name. A page on the site reads in a variable from the querystring and sets a cookie with the same name to its value, e.g.:
strSrc = Request.QueryString(“A”)
Response.Cookies(“A”) = strSource
Response.Cookies(“A”).Expires = Now + (2 * 30)
However, if the variable name in the query string is different from the capitalization of the cookie name (e.g page.asp?a=xxx) then a new cookie gets set with the name matching the captialization of the
QueryString variable.
