I have no problems creating a cookie and reading it as long as it is under the same host. However, when I try to create a cookie on one of our Intranet pages, then direct to a site that's on our web server it fails when trying to read the cookie.
Dim FilerCookie As New HttpCookie("FilerCookie")
FilerCookie("EFile_ID") = Encryption.EncryptData(intEFile_ID)
If IsNothing(FilerCookie) Then
Response.Cookies.Add(FilerCookie)
Else
Response.Cookies.Set(FilerCookie)
End If
ClientScript.RegisterStartupScript(Me.GetType, "javascript", "window.open('" & URL & "');", True)
User is then directed to: http://oursite.me.com/Filers/Form.aspx in a new window...
On page load it fails on this code when it tries to read the cookie and kicks me to login page:
Dim FilerCookie As HttpCookie
If IsNothing(Request.Cookies("FilerCookie")) Then Response.Redirect("PFD_Filer_Login.aspx")
I have tried resolving the issue by using these lines of code before adding/setting the cookie but it still doesn't work:
So... is there nothing I can do? Even if the sites are in the same domain? How does the public recognize the difference between a cookie it created and another site?
It's the browser that does cookie management for you, and it will only post the cookies that are valid for the domain. An alternative would be something that resolves your internal IP so something that seems like a sub-domain, so you would go to local.yourdomain.com
rather than the IP you have listed and www.yourdomain.com would be the public version.
and it's the same page... does that help at all? I'm not familiar with working with subdomains. If this is going to be a somewhat complicated issue, I have another idea that will work... and that involves passing in encrypted data through QueryStrings,
just not as clean of a solution as I originally hoped.
NapstrPSX
Member
3 Points
21 Posts
Creating cookie on Intranet page and reading it from public website
Feb 05, 2013 03:06 PM|LINK
I have no problems creating a cookie and reading it as long as it is under the same host. However, when I try to create a cookie on one of our Intranet pages, then direct to a site that's on our web server it fails when trying to read the cookie.
So, the user starts on this page:
http://10.74.1.11/Intranet/PFD/Filer_ViewUpdate.aspx
this code runs:
Dim FilerCookie As New HttpCookie("FilerCookie") FilerCookie("EFile_ID") = Encryption.EncryptData(intEFile_ID) If IsNothing(FilerCookie) Then Response.Cookies.Add(FilerCookie) Else Response.Cookies.Set(FilerCookie) End If ClientScript.RegisterStartupScript(Me.GetType, "javascript", "window.open('" & URL & "');", True)User is then directed to: http://oursite.me.com/Filers/Form.aspx in a new window...
On page load it fails on this code when it tries to read the cookie and kicks me to login page:
Dim FilerCookie As HttpCookie If IsNothing(Request.Cookies("FilerCookie")) Then Response.Redirect("PFD_Filer_Login.aspx")I have tried resolving the issue by using these lines of code before adding/setting the cookie but it still doesn't work:
Any help much appreciated!
AidyF
Star
9250 Points
1578 Posts
Re: Creating cookie on Intranet page and reading it from public website
Feb 05, 2013 03:12 PM|LINK
This is by design, it would be a huge security issue if any site could read the cookies from any other site.
NapstrPSX
Member
3 Points
21 Posts
Re: Creating cookie on Intranet page and reading it from public website
Feb 05, 2013 03:15 PM|LINK
So... is there nothing I can do? Even if the sites are in the same domain? How does the public recognize the difference between a cookie it created and another site?
AidyF
Star
9250 Points
1578 Posts
Re: Creating cookie on Intranet page and reading it from public website
Feb 05, 2013 03:20 PM|LINK
It's the browser that does cookie management for you, and it will only post the cookies that are valid for the domain. An alternative would be something that resolves your internal IP so something that seems like a sub-domain, so you would go to local.yourdomain.com rather than the IP you have listed and www.yourdomain.com would be the public version.
NapstrPSX
Member
3 Points
21 Posts
Re: Creating cookie on Intranet page and reading it from public website
Feb 05, 2013 03:26 PM|LINK
I see, thank you.
Well, instead of
http://10.74.1.11/Intranet/PFD/Filer_ViewUpdate.aspx
I can use
http://svr-intranet/Intranet/PFD/Filer_ViewUpdate.aspx
and it's the same page... does that help at all? I'm not familiar with working with subdomains. If this is going to be a somewhat complicated issue, I have another idea that will work... and that involves passing in encrypted data through QueryStrings, just not as clean of a solution as I originally hoped.