getting cookies with asp

Forum Moderators: open

Message Too Old, No Replies

getting cookies with asp

on a secure site

mattglet

8:55 pm on Mar 26, 2003 (gmt 0)

is it possible to request a cookie via on a secure site?

i.e.

from my secure server:
cartid = request.cookies("mycookie")("cartid")

my cookies ARE established on the local machine, and are able to be accessed from the public site, but once i go to my secure server, i cannot pull it. any thoughts?

RossWal

10:19 pm on Mar 26, 2003 (gmt 0)

Is the broswer recognizing it as being the same site? Is it accesseed via the same URL? Are the two versions of the sites creating two cookie files on the client?

mattglet

10:32 pm on Mar 26, 2003 (gmt 0)

the cookie is being accessed from 2 different URL's. i am calling the cookie exactly the same way on the public site, as i am on the secure site. there is only one version of the cookie on the client.

mattglet

5:01 am on Mar 27, 2003 (gmt 0)

well, i found my answer, and i thought i'd share:

by default, a cookie can only be read from the domain it was created on. so, if you create the cookie under the domain www.webmasterworld.com, only WebmasterWorld can read it. my problem was this:

i was creating the cookie under my domain, and was trying to read it from my secure site, which is hosted on a different domain.

you can specify the domain of the cookie by using the Domain property of the Cookies collection.

ex: response.cookies("test").domain = "www.yourdomain.com"

mattglet

5:01 pm on Mar 27, 2003 (gmt 0)

well, i found my answer, but didn't fix my problem. here's my code:

Response.Cookies("securecart") = idShoppingCart
Response.Cookies("securecart").secure = true
Response.Cookies("securecart").domain = ".mysecuredomain.net"
Response.Cookies("securecart").path = "/mypath"

any thoughts or experience?

mattglet

5:15 pm on Mar 28, 2003 (gmt 0)

has no one really ever used cookies between 2 different domains?

RossWal

5:26 pm on Mar 28, 2003 (gmt 0)

Sorry, I have not.

I guess you might need to maintain two sets of identical cookies, one for each domain. From domain1 you set cokkies normall, and also overridden to domain2. From domain2 you set cookies normally, and also overridden to domain1.

But as I think about it, why would the browser allow you to set cookies for another domain? That would be a total breach of security. So what is writeable domain property for? I dunno..... hopefully someone will chime in.

Since this is not strictly a MS issue, you might do better asking the non-ASP portion of the question in the HTML forum.

mattglet

6:07 pm on Mar 28, 2003 (gmt 0)

well, the whole reason i am doing this is that my public site is on one domain, and my secure site is hosted on another (my hosting company is all messed up, and i have to follow suit). so that's why i need to write a cookie, to store some info for my seecure site to access. yes, it's all one big clusterf_.