Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / December 2007

Tip: Looking for answers? Try searching our database.

Issues passing cookies between apps on same box

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Andy - 10 Dec 2007 16:21 GMT
Hi,
I'm having issues with what I'm *sure* is a simple problem.

Basically having a problem passing a cookie between two sites.
On Site A you sign in, and create a cookie with the users ID in it
When the user wants to purchase anything (and enter CC details) we want to
pass the user to the secure site, which is on the same server.
Alas the cookie is not being picked up on the secure site.

a) Both sites are on the same box
b) Works on my development pc, but not on the DEV box (that old chestnut!)
c) The secure site isn't https - we only have the certificate on the
production site, so this isn't an https issue
d) ASP.NET 1.1 (yes, I know...) moving soon
e) After a bit of googling I've  added a machnekey section (below) to
web.config, but this hasn;t changed anything - still the same issue.

<machineKey
validationKey="F6EF6C186BDB1A9630BB84301322B022D4249CFF98407D3D67284AE441B4309F06B5A1B9D7DC37E645783CFB7DC2C79CC297812BB968B9816EF08DFBD0D98D77"
            decryptionKey="AAAD8D2655F03CC1EDE43DEF9D8BFBD436773295D0D78C9C"
            validation="SHA1" />

If anyone has any ideas it'd be most appreciated.

I take it cookies is the way to go here? We're using forms authentication. I
do not want to pass anything in a query string! :)

Thanks
Reply to this Message
Scott Roberts - 10 Dec 2007 19:31 GMT
> I'm having issues with what I'm *sure* is a simple problem.

The problem is simple. The solution, maybe not.

> Basically having a problem passing a cookie between two sites.
> On Site A you sign in, and create a cookie with the users ID in it
> When the user wants to purchase anything (and enter CC details) we want to
> pass the user to the secure site, which is on the same server.
> Alas the cookie is not being picked up on the secure site.

This is by design. A browser does not (and should not) give cookies from one
site to a completely different site. For example, you wouldn't want the
cookie generated by your site to be passed to, say, Google, would you?

> a) Both sites are on the same box

Doesn't matter. One box can host hundreds of sites, that doesn't mean they
should share information.

> b) Works on my development pc, but not on the DEV box (that old chestnut!)

That's probably because they are not really different sites on your
development pc. I bet when you run everything on your development pc that
all URLs start with http://localhost, right? If so, the browser thinks they
are all the same site. When you put it on the "DEV" box I bet the URLs are
different (e.g. http://www.mysite.com and http://secure.mysite.com or
something like that), right?

> c) The secure site isn't https - we only have the certificate on the
> production site, so this isn't an https issue

Right on.

> d) ASP.NET 1.1 (yes, I know...) moving soon

Doesn't matter.

> e) After a bit of googling I've  added a machnekey section (below) to
> web.config, but this hasn;t changed anything - still the same issue.
[quoted text clipped - 3 lines]
> decryptionKey="AAAD8D2655F03CC1EDE43DEF9D8BFBD436773295D0D78C9C"
> validation="SHA1" />

You'll still need that bit of info once you get the cookie situation worked
out.

> If anyone has any ideas it'd be most appreciated.

Assuming that your problem is domain-related, this article might help:

http://brennan.offwhite.net/blog/2006/09/25/multiple-site-authentication-with-as
pnet-20/

> I take it cookies is the way to go here? We're using forms authentication.
> I
> do not want to pass anything in a query string! :)

I agree.
Reply to this Message
Andy - 11 Dec 2007 13:32 GMT
Hi Scott,

Many thanks for the reply
very helpful, especially the link.
http://brennan.offwhite.net/blog/2006/09/25/multiple-site-authentication-with-as
pnet-20/

Alas that deals with asp.net 2.0. I'm still stuck with asp.net 1.1 until
January.
Needless to say I haven't got until Jan to fix, so I'm still looking.

Cheers
Reply to this Message
Scott Roberts - 11 Dec 2007 15:31 GMT
Hmmm, you did say that you were using 1.1. But then I was under the
impression that you were using the MS aspnet membership stuff, which comes
with 2.0, so I'm a little confused.

Regardless, I think your problem is just a cookie/domain problem. So try
manipulating that and see what you get.

Here's a sample that appears to be using 1.1:

http://groups.google.com.hk/group/microsoft.public.dotnet.framework.aspnet/brows
e_thread/thread/88d603eedd030a57/11968cc384577926

Scott

> Hi Scott,
>
[quoted text clipped - 7 lines]
>
> Cheers
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.