iis7 and set-cookie RRS feed

  • Question

  • User-279798588 posted

    I assume it is a known issue that IIS 7 will only set the last cookie that is put into the headers by a cgi application.

    Is there a timeframe for a fix on this issue.


    Lloyd Breckenridge

    Tuesday, April 24, 2007 2:08 AM

All replies

  • User511787461 posted
    This is a known problem - fix is already in longhorn server beta3 builds and will definitely be in vista sp1 - details of when/whether it will be released as a qfe before then are still being worked out.
    Saturday, April 28, 2007 8:15 AM
  • User1965066401 posted

    We have a hotfix available that solves this problem (KB article). We are working on getting the content of the KB to reflect the situation a little more accurately, sorry if it's a little confusing until we update it. This is the QFE that fixes the problem where IIS7 on Vista prevents all but the last cookie sent by a browser to actually be set.

    To get the hotfix, call Microsoft Customer Support Services (800-MICROSOFT or 800-642-7676) and give them the relevant KB article number (932385) and your OS platform. You'll get the hotfix right away.


    Saturday, July 21, 2007 12:28 AM
  • User-2026410440 posted

    A fix has now been released for this issue and is available for everyone to download.  You can read more about it here:  http://blogs.iis.net/bills/archive/2007/09/25/iis7-patch-for-windows-vista-fixes-cgi-php-applications-that-send-multiple-response-headers.aspx

    Tuesday, September 25, 2007 6:49 PM
  • User200939690 posted

    thank you for sharing... great post 

    Thursday, September 4, 2008 7:24 AM
  • User845868144 posted

    This problem is still happening if you are using a managed HttpFilter to filter FastCGI/PHP.

    (Vista SP2, using cgi.dll 7.0.6001.18000, which the hotfix will not update.)

    When FastCGI/PHP is done with the request and the filter stream is about to be flushed, HttpContext.Response.Headers shows only the last Set-Cookie that was set by PHP. Yet, all of the cookies are somehow magically received by the client. This makes me suspect that when the bug was fixed for the hotfix, it was done in an incomplete way that only addressed the symptom.

     It is a problem because I wish to examine the cookies that PHP is setting, on their way to the client.

    Tuesday, September 8, 2009 6:31 PM
  • User511787461 posted

    The bug you are hitting now is a bug in asp.net where it cannot provide multiple headers with the same name in the response/request header collections - since the header-name is the key in the collection - workaround would be to use a native module (CHttpModule) to examine the headers on the way out.

    Wednesday, September 9, 2009 1:24 PM
  • User1086955929 posted

    I am facing a similar kind of issue.

    I have just upgraded from IIS 6 to IIS 7.The request does not contain any cookiedata.I used fiddler to anlayse ,The response gives a cookie

    jsessionId but the request never has ant cookie jsession Id.I am using IE 8,Windows server 2008,IIS 7 and Weblogic 10.3.5

    Is there any setting that needs to be done in IIS to maintain cookie data.

    Please help.



    Monday, October 31, 2011 11:15 AM
  • User-1672167363 posted

    Hello @ pink123,

    You have a thread http://forums.iis.net/p/1182862/2001104.aspx#2001104 open

    for this question and the discussions will be in that thread.

    FYI: If your waiting for a reply from Anil Ruia he left the IIS Team some time ago. 

    Anil Ruia
    Senior Software Design Engineer
    IIS Core Server

    He did a lot for the IIS Forums users issues and questions.

    He is missed by the IIS Forums users including myself.





    Tuesday, November 1, 2011 8:35 AM