Cookies

Version 1
    This document was generated from CDN thread

    Created by: Kenneth Aasgrav on 30-06-2008 10:31:41 AM
    I am developing an IP phone web application in c# .net 2.0 using IIS version 5.1.

    When the IP phone is turned on it Gets the default.aspx page. I use Server.Transfer on the server and then I send the response, which is used to show a login screen on the IP phone. In the response I have set a cookie, which the phone should send back to the web application when doing a new requst. The problem is that the phone never sends that cookie in the next request.

    When the phone is doing a requst I see that the http header contains "Connection : Close". I believe this setting should be set to "Connection : keep alive" to make the phone return back the cookie on every requst?

    Subject: Re: Cookies
    Replied by: David Staudt on 30-06-2008 02:10:28 PM
    The phones do have cookie support. There are a couple of details though:

    • Up to 10 cookies can be stored at any one time, FIFO
    • Cookies expire at the 30 minute mark - no more, no less despite specified expiration times
    • Cookies are limited to 256 bytes. This is likely your problem, as the phone will ignore too-large cookies.

    Subject: Re: Cookies
    Replied by: Kenneth Aasgrav on 02-07-2008 10:00:02 AM
    The problem is not that I use too large cookies. I am able to set the cookie and I can see that this cookie is sent to the phone. This is the httpheader sent to the phone:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.1
    Date: Wed, 02 Jul 2008 09:43:42 GMT
    X-Powered-By: ASP.NET
    Connection: close
    X-AspNet-Version: 2.0.50727
    Set-Cookie: model=C7921; expires=Wed, 02-Jul-2008 12:13:42 GMT; path=/
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Content-Length: 1516

    I belive that the httpheader should be set to Connection:keep-alive and not Connection:Close. The problem is that every request from the phone contains Connection: close, which is used to tell the web-server to close the session. Is there a way to change the httprequest from the cisco ip-phone to Connection: keep-alive?

    Subject: Re: Cookies
    Replied by: David Staudt on 02-07-2008 03:26:09 PM
    Connection: close is fixed - not modifiable - and will not effect cookie handling. The headers/cookie you pasted look ok....can you attach a raw packet capture from the phone's extra port (bootup through test sequence?) What phone model/firmware version is in use?

    Subject: Re: Cookies
    Replied by: Kenneth Aasgrav on 03-07-2008 06:05:09 AM
    Thank you, David for your answers.

    I'am using Cisco IP Phone 7940 with App Load ID = P00307020400.

    When I let Asp.net 2.0 generate the cookies for me I get the following results.

    The phone request the default.aspx and sets the following cookie:
    ASP:NET_SessionID = "aerozx55dq24xmnqwhuls5mr"

    I do a Server.Transfer to the login.aspx, generate a respons and the login page is shown in the display. When I hit the submit button the phone makes a requst to Authenticate.aspx. What I see is that the Session Id has changed:

    ASP:NET_SessionID = "hwxwzeufosxwjbihmnmxs355"

    When I use Cisco IP Communicator installed on my PC I do not have problems with sessions at all.

    Subject: Re: Cookies
    Replied by: David Staudt on 03-07-2008 02:58:37 PM
    Very odd. It seems unlikely that the phone is generating a complete and valid ASP cookie randomly though...is this a cookie from a previous session possibly?

    As mentioned above a network packet capture (Wireshark is a good tool for this) will show exactly what is coming into/out-of the phone and should clarify the issue.

    Subject: Re: Cookies
    Replied by: Kenneth Aasgrav on 03-07-2008 05:57:52 PM
    I am using EffeTech HTTP Sniffer so I can see what's inside every http request and response sendt to and from the IP Phone. Therefore I do not believe it's necessary to use WireShark.

    I have done som more testing and this is what I have come up with:

    When I push the Services button, the phone requests the default.aspx page. After Server.Transfer(Login.aspx), the login page shows in the display. I can see that asp.net_sessionId in the response is included in the HTTP header. When I push SoftKeyA (submit), the Authenticate.aspx is requested. And this request contains a new sessionId. This sessionId is persistent when navigating all other pages.

    Every time I push the services button a new sessionId is generated, but everytime i push the submit button on the login page (first page shown on the phone), I get another sessionId and this sessionId is always the same, but different from the sessionId generated when requesting default.aspx. Strange?

    Subject: Re: Cookies
    Replied by: David Staudt on 03-07-2008 07:53:08 PM
    Indeed strange. I am not aware of any issues in this area, and surely others would have run into this problem in very basic functionality if it was something in the phone firware. Not ruling that out, though...

    In the interests of having hard evidence to give to the phone engineering team when/if we have to escalate to them: a packet capture from the actual phone port itself will be what they request - and will show conclusively that the phone is responding improperly to standard HTTP messages. Bear with my on this request, Wireshark is free and easy to use:

    • Install Wireshark on your laptop
    • Plug your laptop into the back of the phone in the PC switch port
    • Make sure you phone's config in CCM admin hasn't disabled the phone switch port
    • Start the packet capture on your PC
    • Restart the phone (**#** is fine)
    • Ruth through the scenario
    • Stop the capture and attach here

    Another thing to check, cookies have options to restrict their scope by domain, site, page. Any possibility of overlap or confusion there? It doesn't sound like it from your description...

    Subject: Re: Cookies
    Replied by: Kenneth Aasgrav on 04-07-2008 08:04:42 AM
    The cookies lives within the same scope by domain.

    I have captured the packets using WireShark. I would appreciate if you could have a look at .pcap file, and give me any comments.

    Rename Cookie_Problem_HTTP.txt to Cookie_Problem_HTTP.rar

    Thanks a lot for your interest in helping me.

    Subject: Re: Cookies
    Replied by: David Staudt on 04-07-2008 04:30:45 PM
    I haven't used the attachment feature on these new forums yet...did you try and attach a file? I don't see any indication there is an attachment.

    If you did and it's not showing up, I'll investigate the forum functionality and see what's up. In the meantime, you can upload to ftp://ftp-sj.cisco.com/incoming (Cisco.com username/pw) and post the file name here.

    Subject: Re: Cookies
    Replied by: Kenneth Aasgrav on 07-07-2008 07:47:17 AM
    I tried to attach the file, but I gess it didn't work. I have now uploaded the file to the ftp server.

    Thanks.

    Edited by: Kenneth Aasgrav on 07.jul.2008 03:48