Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Feb 05, 2013 03:26 PM by NapstrPSX
Feb 05, 2013 03:06 PM|LINK
I have no problems creating a cookie and reading it as long as it is under the same host. However, when I try to create a cookie on one of our Intranet pages, then direct to a site that's on our web server it fails when trying to read the cookie.
So, the user starts on this page:
this code runs:
Dim FilerCookie As New HttpCookie("FilerCookie")
FilerCookie("EFile_ID") = Encryption.EncryptData(intEFile_ID)
If IsNothing(FilerCookie) Then
User is then directed to: http://oursite.me.com/Filers/Form.aspx in a new window...
On page load it fails on this code when it tries to read the cookie and kicks me to login page:
Dim FilerCookie As HttpCookie
If IsNothing(Request.Cookies("FilerCookie")) Then Response.Redirect("PFD_Filer_Login.aspx")
I have tried resolving the issue by using these lines of code before adding/setting the cookie but it still doesn't work:
FilerCookie.HttpOnly = True
FilerCookie.Domain = "oursite.me.com"
Any help much appreciated!
Feb 05, 2013 03:12 PM|LINK
This is by design, it would be a huge security issue if any site could read the cookies from any other site.
Feb 05, 2013 03:15 PM|LINK
So... is there nothing I can do? Even if the sites are in the same domain? How does the public recognize the difference between a cookie it created and another site?
Feb 05, 2013 03:20 PM|LINK
It's the browser that does cookie management for you, and it will only post the cookies that are valid for the domain. An alternative would be something that resolves your internal IP so something that seems like a sub-domain, so you would go to local.yourdomain.com
rather than the IP you have listed and www.yourdomain.com would be the public version.
Feb 05, 2013 03:26 PM|LINK
I see, thank you.
Well, instead of
I can use
and it's the same page... does that help at all? I'm not familiar with working with subdomains. If this is going to be a somewhat complicated issue, I have another idea that will work... and that involves passing in encrypted data through QueryStrings,
just not as clean of a solution as I originally hoped.