Cookies and Sessions don't work on Redirected pages


Issue: I have a blended ASP/WC site where I am implementing security. On first hit to any page, I check to see if the WWSESSIONID cookie exists among other things. If not, I redirect to a WCS script that has the user log in (using NT Authentication). I am limiting concurrent users, so I also check for this. When finished, I redirect back to the calling page (sometimes ASP, sometimes WCS).

Cookies can't be attached to redirects or authentication requests: the browser will not accept the cookie's HTTP header from these requests. Hence you can't use redirects or authentication pages to generate cookies. One workaround is an intermediary page with a Meta Refresh: the page loads, sets the cookie and immediately redirects from there. Because the browser actually loads the page, it also accepts the cookie.

The HTML for this intermediary page looks something like this:

<HTML>
<HEAD>
<META HTTP-EQUIV='Refresh' 
      CONTENT='2; URL=http://www.west-wind.com/wconnect/SomeCode.wcs'>
</HEAD>
<body>
Hang on...<br>
Redirecting to content page.
</body>
</HTML>

Here's an example that forces a logon. In wwYourProcess::Process I check for the SessionId like this:

IF !INLIST(UPPER(lcPagename),NOPASSWORDMETHODS)
    *** Make sure user logs in prior to going anywhere!
    lcSessionId = Request.GetCookie('adnUserId')

    THIS.oSession=CREATE([WWC_wwSession])
    IF !THIS.oSession.IsValidSession(lcSessionId)
       *** Call the Login Method below which is 
       *** a standalone process request 
       THIS.LogIn()
       RETURN
    ENDIF
ENDIF

Then, in the actual Login routine (this login form happens to be a DHTML form, so there's a little extra code here):

FUNCTION Login

lcAction = UPPER(Request.Form('btnSubmit'))
IF lcAction = 'CANCEL'
   Response.Redirect('/')
   *** Stop here so no login form output follows the redirect
   RETURN
ENDIF

loLogon = CREATE('wwWebLogon')
loForm = CREATE('wwLoginDialog',loLogon)

oHTMLForm = CREATE('wwHTMLForm',loForm)
oHTMLForm.lShowAsFullHTML=.F.
oHTMLForm.lShowFormCaption=.T.    && Show VFP Title Bar
oHTMLForm.lAbsolutePosition=.F.   && Float form
oHTMLForm.cFormAction=Request.GetCurrentUrl()

IF lcAction = 'LOGIN'
   oHTMLForm.SetValues(Request)
   IF loForm.Login()  && Login Validation happens here!
      lcSessionId=THIS.oSession.NewSession()
      
      *** Force HTML object to add the Cookie in Header creation
      THIS.oResponse.cAutoSessionCookieName = 'adnUserId'
      THIS.oResponse.cAutoSessionCookie = lcSessionId

      *** Retrieve the full current URL so we redirect to it! 
      lcUrl = Request.GetCurrentUrl()
      IF ATC('~Login',lcUrl) > 0
         lcUrl = 'wc.acx?acxiom'
      ENDIF

      lcUserName = loForm.oWebLogon.oUser.FullName   
      Response.Rewind()
      Response.ContentTypeHeader()
      Response.Send('<HTML><HEAD>')
      Response.MetaRefresh(lcUrl,2)
      Response.Write('</HEAD><BODY>')
      Response.Write([<span style="font:normal normal 10pt Verdana">Welcome ] + ;
                     lcUserName + '<p>'+;
                     [Login complete. Hang on a sec...</span>])
      Response.Write('</BODY></HTML>')
      RETURN
   ENDIF 
ENDIF

*** If we're still here on Login an error occurred
IF lcAction = 'LOGIN'
   *** Force the form to display the error message
   loForm.SetErrorMessage()
ENDIF

oHTMLForm.ShowContainer()

pcLoginForm = oHTMLForm.GetOutput()

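*** lcPhysicalPath is not set in this snippet; it is assumed to hold
*** the physical path of the current request
lcPath = AddBs(JustPath(lcPhysicalPath))
Response.ExpandTemplate(lcPath + 'login.acx')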

ENDFUNC
* Login

In this case the Response.MetaRefresh method handles creation of the refresh link.
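
The intermediary response this workaround produces, written out at the HTTP level as an added example (Python, not Web Connection code and not part of the original page): a fresh session ID is issued after login and sent in a Set-Cookie header on a 200 page whose Meta Refresh points back to the calling page. The function names, the same-site check on the return URL, the HttpOnly attribute and the '/' fallback are assumptions of this example.

```python
import html
import secrets

COOKIE_NAME = "adnUserId"   # cookie name from the page's FoxPro code
DEFAULT_URL = "/"           # assumed fallback when the return URL is rejected


def local_target(url, default=DEFAULT_URL):
    """Return url only if it is a same-site absolute path, else the default."""
    # Reject scheme/host forms ("http://...", "//host") and backslash variants.
    if not url.startswith("/") or url.startswith("//") or "\\" in url:
        return default
    # Reject control characters (CR/LF, tab) that could split or reshape it.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return default
    return url


def build_login_interstitial(return_url, user_name, delay=2):
    """Build the 200 response that carries the cookie and the Meta Refresh."""
    session_id = secrets.token_urlsafe(32)      # new ID issued after login
    target = html.escape(local_target(return_url), quote=True)
    body = (
        "<HTML><HEAD>\r\n"
        f"<META HTTP-EQUIV=\"Refresh\" CONTENT=\"{delay}; URL={target}\">\r\n"
        "</HEAD><BODY>\r\n"
        f"Welcome {html.escape(user_name)}<p>Login complete. Hang on a sec...\r\n"
        "</BODY></HTML>\r\n"
    ).encode("utf-8")
    # HttpOnly keeps the session ID away from page script; add "; Secure"
    # when the site is served over HTTPS.
    head = (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        f"Content-Length: {len(body)}\r\n"
        f"Set-Cookie: {COOKIE_NAME}={session_id}; Path=/; HttpOnly\r\n"
        "Cache-Control: no-store\r\n"
        "\r\n"
    ).encode("ascii")
    return session_id, head + body
```
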



Last Updated: 08/15/99