All geek questions in one place

Cross Domain Issues (ASP.NET)

I have a problem with cross-domain cookies. I read a lot of documentation on sharing cookies between subdomains. The main idea of ​​all articles is to set the Domain property to something like ".mydomain.com". I created two domains on the local IIS server - test1.local.boo and test2.local.boo. They work great and are visible in the browser. I have the following code:

Site test1 - Records a cookie:

HttpCookie myCookie = new HttpCookie("TestCookie"); myCookie.Domain = ".local.boo"; myCookie["msg"] = "Welcome from Cookie"; Response.Cookies.Add(myCookie);

Site test2 - Read cookie:

 HttpCookie cookie = Request.Cookies["TestCookie"]; if (cookie != null) { Response.Write(cookie["msg"]); } else { Response.Write("FAILED"); }

This code always shows a FAILED message. Thus, this means that the second site cannot read cookies from the same subdomain. Where is my mistake?

+4
source share
5 answers

You can check if browser headers return cookies using a web debugger such as fiddler .

It will show you the headers and cookies sent for each request and response so that you can see if the correct domain has been set and what happens to the request for the second domain.

+1
source

Hmm ... The problem was in the browser ... Opera does not send cookies to another site in the same subdomain. Firefox and IE work fine. Anyway, thank you guys!

Some notes: if you want to delete such a cookie from another subdomain, you need to set the Domain property to something like: .mydomain.com - I spent a lot of time trying to figure it out. Hope this helps someone.

+1
source

In IIS 7

Add this to your web.config

 <system.webserver> <httpProtocol> <customHeaders> <add name="p3p" value="CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM&quot;" /> </customHeaders> </httpProtocol> </system.webServer>

In II6.

  • Run inetmgr
  • Expand [Server] > Websites
  • Right click on [Your site]
  • The properties
  • HTTP headers
  • Add ...
  • Custom Header Name: p3p
  • Custom Header Value: CP = "NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
  • Ok
  • Ok
+1
source

Try setting the expires attribute, or its possible, so that it is deleted when the session ends.

0
source

Try setting a future expiration date:

 cookie.Expires = DateTime.Now.AddYears(5);
0
source

Source: https://habr.com/ru/post/1308045/

More articles:


All Articles