By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,309 Members | 1,452 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,309 IT Pros & Developers. It's quick & easy.

Do domains override cookies? Why?

P: n/a
I think I may have a problem with the user of cookies in my centralized
logon and registration system that I hoped could be consumed by all the
sub-domains on my remote host IP.

I built the application in the root of the IP and redirect the user back to
his requested page after his Login. Just before this I set a permanent
cookie.

But, it appears when the user gets back to the page its GONE.

However, if I go to the same address via IP and correct folder path IT is.

How can this be...I thought a cookie was written to the browser...what
difference does the domain make....can I salvage this application without
having to deploy it in mutliple sub-domains?

Appreciate any help here.
Jason
Jul 19 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Ok...I just figured this out in my head...if this was not so, I could read
cookies set by eg: Amazon...this makes sense.

But, surely since I control the domains and sub-webs on my remote web host
IP I should be able to somehow work around this.....

I cannot believe one has to deploy duplcate registration/login systems to
seperate folders on the same IP even if they have different domains?

There must be a way for me to overcome this?

Appreciate some help here.

Thanks
Jason
<ja***@catamaranco.com> wrote in message
news:ud***************@tk2msftngp13.phx.gbl...
I think I may have a problem with the user of cookies in my centralized
logon and registration system that I hoped could be consumed by all the
sub-domains on my remote host IP.

I built the application in the root of the IP and redirect the user back to his requested page after his Login. Just before this I set a permanent
cookie.

But, it appears when the user gets back to the page its GONE.

However, if I go to the same address via IP and correct folder path IT is.

How can this be...I thought a cookie was written to the browser...what
difference does the domain make....can I salvage this application without
having to deploy it in mutliple sub-domains?

Appreciate any help here.
Jason

Jul 19 '05 #2

P: n/a
ja***@catamaranco.com wrote:
Ok...I just figured this out in my head...if this was not so, I could
read cookies set by eg: Amazon...this makes sense.

But, surely since I control the domains and sub-webs on my remote web
host IP I should be able to somehow work around this.....

I cannot believe one has to deploy duplcate registration/login
systems to seperate folders on the same IP even if they have
different domains?

There must be a way for me to overcome this?


Use a database instead of cookies.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 19 '05 #3

P: n/a
My system is built on top of a database. If the user does not have cookies
he has to login each time to see the desiired page...problem getting the
cookies across domains.

I did consider this idea:
http://www.asp101.com/articles/chris...es/default.asp
...but seems messy.

I also realise Aaron has a different approach with his js shopping
cart...but unclear how to adapt my code to fit either of the above models.

- Jason
"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message
news:uX**************@TK2MSFTNGP12.phx.gbl...
ja***@catamaranco.com wrote:
Ok...I just figured this out in my head...if this was not so, I could
read cookies set by eg: Amazon...this makes sense.

But, surely since I control the domains and sub-webs on my remote web
host IP I should be able to somehow work around this.....

I cannot believe one has to deploy duplcate registration/login
systems to seperate folders on the same IP even if they have
different domains?

There must be a way for me to overcome this?


Use a database instead of cookies.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Jul 19 '05 #4

P: n/a
Bob, as I understand it the Database ID approach (instead of cookies or
sessions) involves generating a unique id for a user when he enters the site
or my 'secure page' for the first time...I understand this. But this is what
I don't get:

1. Even If I generate a random ID for the user, how will I know or
'Remember' who is he is the next time he enters the site...as soon he leaves
that resident
ID in the database user table cannot be assigned back to him on his return
as I have no idea who is he is.

I understand that is great for tracking Anon users around the site but even
if force him to register or re-login in a certain point I still don't see
how I can 'remember' who is without using cookies.

Thanks
Jason


<ja***@catamaranco.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
My system is built on top of a database. If the user does not have cookies
he has to login each time to see the desiired page...problem getting the
cookies across domains.

I did consider this idea:
http://www.asp101.com/articles/chris...es/default.asp
..but seems messy.

I also realise Aaron has a different approach with his js shopping
cart...but unclear how to adapt my code to fit either of the above models.

- Jason
"Bob Barrows [MVP]" <re******@NOyahoo.SPAMcom> wrote in message
news:uX**************@TK2MSFTNGP12.phx.gbl...
ja***@catamaranco.com wrote:
Ok...I just figured this out in my head...if this was not so, I could
read cookies set by eg: Amazon...this makes sense.

But, surely since I control the domains and sub-webs on my remote web
host IP I should be able to somehow work around this.....

I cannot believe one has to deploy duplcate registration/login
systems to seperate folders on the same IP even if they have
different domains?

There must be a way for me to overcome this?


Use a database instead of cookies.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


Jul 19 '05 #5

P: n/a
Ok, I took a look at the cart example off aspfaq. I entered the site three
time in 5 minutes and was assigned a unique id:

(7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
(8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
(9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM

This means I one person could end up having hundreds of unique ides and this
is PRIOR to getting him to login or register for the first time.

Does this not create huge database performance overheads - even in sql
server.....

As my sites are built informational pages that require registration or
re-logging in I am struggling to work out how to use this system.

Would I have to assign a 'Master ID' once he registers which all the
previous anon ids are linked to.......

Thanks
Jason

Jul 19 '05 #6

P: n/a
<ja***@catamaranco.com> wrote in message
news:uD*************@TK2MSFTNGP11.phx.gbl...
: Ok, I took a look at the cart example off aspfaq. I entered the site three
: time in 5 minutes and was assigned a unique id:
:
: (7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
: (8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
: (9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM
:
: This means I one person could end up having hundreds of unique ides and
this
: is PRIOR to getting him to login or register for the first time.
:
: Does this not create huge database performance overheads - even in sql
: server.....
:
: As my sites are built informational pages that require registration or
: re-logging in I am struggling to work out how to use this system.
:
: Would I have to assign a 'Master ID' once he registers which all the
: previous anon ids are linked to.......

Jason...

A cookie is stored on a client. You are gambling that the user will never
delete the cookie. If they do, they have to get a new cookie so what is the
difference with using a GUID vs a cookie? The GUID is stored in the
database so you know who the user is each time, however, they will have to
logon or you could also use a cookie and log them in if it's set, if not,
offer them to either logon with their username/password if a repeat visitor
or allow them to create an account if they're new.

Users are used to logging in. If you rely on a client-side solution, you
have no control over it's longevity. If you use GUIDs, you have control but
the users have to logon, IF their cookie is not set, considering you use
both. The only other option is don't track them.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 19 '05 #7

P: n/a
Hi Roland....actually my current system degrades gracefully depending on
whether:

1. Cookies disabled
2. Cookies deleted

If either of these conditions is true I FORCE the user to login each and
every time he comes through a secure page.

I have also made sure there is an additionaly database check for the expiry
date which overrides the cookie expiry date if need be.

I now understand that the GUID approach does not allow 'REMEMBERENCE' that
cookies can allow. This is what is was throwing me.

When I was looking at Aaron's example I thought perhaps there was some
rememberence in there but now I realise it only lasts for the
duration of the user session and it is up to me to still add in login
security with NO rememberence.

I am now trying to work out a way to allow my centralized IP lognn system to
be consumed by children domains on the IP.

I realise that cookies do not work across domains but I have found two
possible solutions:

1. Javascript include:
http://www.pathlore.com/customer/sup...ip_may2003.asp

2. Image download method:

http://www.eggheadcafe.com/ng/micros...asp.components
/post196513.asp

3. Redirect method:

http://www.asp101.com/articles/chris...es/default.asp

- Jason


My biggest problem now is finding a way
"Roland Hall" <nobody@nowhere> wrote in message
news:uT**************@TK2MSFTNGP11.phx.gbl...
<ja***@catamaranco.com> wrote in message
news:uD*************@TK2MSFTNGP11.phx.gbl...
: Ok, I took a look at the cart example off aspfaq. I entered the site three : time in 5 minutes and was assigned a unique id:
:
: (7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
: (8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
: (9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM
:
: This means I one person could end up having hundreds of unique ides and
this
: is PRIOR to getting him to login or register for the first time.
:
: Does this not create huge database performance overheads - even in sql
: server.....
:
: As my sites are built informational pages that require registration or
: re-logging in I am struggling to work out how to use this system.
:
: Would I have to assign a 'Master ID' once he registers which all the
: previous anon ids are linked to.......

Jason...

A cookie is stored on a client. You are gambling that the user will never
delete the cookie. If they do, they have to get a new cookie so what is the difference with using a GUID vs a cookie? The GUID is stored in the
database so you know who the user is each time, however, they will have to
logon or you could also use a cookie and log them in if it's set, if not,
offer them to either logon with their username/password if a repeat visitor or allow them to create an account if they're new.

Users are used to logging in. If you rely on a client-side solution, you
have no control over it's longevity. If you use GUIDs, you have control but the users have to logon, IF their cookie is not set, considering you use
both. The only other option is don't track them.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp MSDN Library - http://msdn.microsoft.com/library/default.asp

Jul 19 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.