473,883 Members | 1,684 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Issues passing cookies between apps on same box

Hi,
I'm having issues with what I'm *sure* is a simple problem.

Basically having a problem passing a cookie between two sites.
On Site A you sign in, and create a cookie with the users ID in it
When the user wants to purchase anything (and enter CC details) we want to
pass the user to the secure site, which is on the same server.
Alas the cookie is not being picked up on the secure site.

a) Both sites are on the same box
b) Works on my development pc, but not on the DEV box (that old chestnut!)
c) The secure site isn't https - we only have the certificate on the
production site, so this isn't an https issue
d) ASP.NET 1.1 (yes, I know...) moving soon
e) After a bit of googling I've added a machnekey section (below) to
web.config, but this hasn;t changed anything - still the same issue.

<machineKey
validationKey=" F6EF6C186BDB1A9 630BB84301322B0 22D4249CFF98407 D3D67284AE441B4 309F06B5A1B9D7D C37E645783CFB7D C2C79CC297812BB 968B9816EF08DFB D0D98D77"
decryptionKey=" AAAD8D2655F03CC 1EDE43DEF9D8BFB D436773295D0D78 C9C"
validation="SHA 1" />

If anyone has any ideas it'd be most appreciated.

I take it cookies is the way to go here? We're using forms authentication. I
do not want to pass anything in a query string! :)

Thanks
Dec 10 '07 #1
3 1857
I'm having issues with what I'm *sure* is a simple problem.
The problem is simple. The solution, maybe not.
Basically having a problem passing a cookie between two sites.
On Site A you sign in, and create a cookie with the users ID in it
When the user wants to purchase anything (and enter CC details) we want to
pass the user to the secure site, which is on the same server.
Alas the cookie is not being picked up on the secure site.
This is by design. A browser does not (and should not) give cookies from one
site to a completely different site. For example, you wouldn't want the
cookie generated by your site to be passed to, say, Google, would you?
a) Both sites are on the same box
Doesn't matter. One box can host hundreds of sites, that doesn't mean they
should share information.
b) Works on my development pc, but not on the DEV box (that old chestnut!)
That's probably because they are not really different sites on your
development pc. I bet when you run everything on your development pc that
all URLs start with http://localhost, right? If so, the browser thinks they
are all the same site. When you put it on the "DEV" box I bet the URLs are
different (e.g. http://www.mysite.com and http://secure.mysite.com or
something like that), right?
c) The secure site isn't https - we only have the certificate on the
production site, so this isn't an https issue
Right on.
d) ASP.NET 1.1 (yes, I know...) moving soon
Doesn't matter.
e) After a bit of googling I've added a machnekey section (below) to
web.config, but this hasn;t changed anything - still the same issue.

<machineKey
validationKey=" F6EF6C186BDB1A9 630BB84301322B0 22D4249CFF98407 D3D67284AE441B4 309F06B5A1B9D7D C37E645783CFB7D C2C79CC297812BB 968B9816EF08DFB D0D98D77"
decryptionKey=" AAAD8D2655F03CC 1EDE43DEF9D8BFB D436773295D0D78 C9C"
validation="SHA 1" />
You'll still need that bit of info once you get the cookie situation worked
out.
If anyone has any ideas it'd be most appreciated.
Assuming that your problem is domain-related, this article might help:

http://brennan.offwhite.net/blog/200...ith-aspnet-20/
>
I take it cookies is the way to go here? We're using forms authentication.
I
do not want to pass anything in a query string! :)
I agree.

Dec 10 '07 #2
Hi Scott,

Many thanks for the reply
very helpful, especially the link..
http://brennan.offwhite.net/blog/200...ith-aspnet-20/

Alas that deals with asp.net 2.0. I'm still stuck with asp.net 1.1 until
January.
Needless to say I haven't got until Jan to fix, so I'm still looking.

Cheers
Dec 11 '07 #3
Hmmm, you did say that you were using 1.1. But then I was under the
impression that you were using the MS aspnet membership stuff, which comes
with 2.0, so I'm a little confused.

Regardless, I think your problem is just a cookie/domain problem. So try
manipulating that and see what you get.

Here's a sample that appears to be using 1.1:

http://groups.google.com.hk/group/mi...968cc384577926

Scott
"Andy" <An**@discussio ns.microsoft.co mwrote in message
news:B7******** *************** ***********@mic rosoft.com...
Hi Scott,

Many thanks for the reply
very helpful, especially the link..
http://brennan.offwhite.net/blog/200...ith-aspnet-20/

Alas that deals with asp.net 2.0. I'm still stuck with asp.net 1.1 until
January.
Needless to say I haven't got until Jan to fix, so I'm still looking.

Cheers
Dec 11 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
7791
by: Paul | last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and session.use_trans_sid = 1 in my php.ini file. Index.php contains: ---------------------------------------------------------------------------- <?php ini_set("session.use_cookies", "off"); ini_set("session.use_trans_sid", "on"); session_start(); $_SESSION = ""; $_SESSION = ""; echo "<form method='POST' action='login.php'>
10
2481
by: vbMark | last post by:
Hello, I am doing this: window.location="page2.php?subj="+subj+"&body="+body; to send information to another page. However, I don't want that second page to show up or display in any way. There is only behind-the-scenes work going on in that page.
6
2569
by: Tom | last post by:
I know how to create a cookie using the HttpCookie. I know about setting its domain so it can be shared. So I have created a cookie on web site A and set it to expire in 10 minutes. Now I am on web site B, in VS.NET C# and I want to access the cookie created on web site A.
10
3106
by: Robert | last post by:
I have an app that was originally 1.1, now migrated to 2.0 and have run into some sporadic viewstate errors...usually saying the viewstate is invalid, eventvalidation failed or mac error. My web config does specify a machinekey setting: <machineKey validationKey="447C05E8B3A71401CC4CAE5513A7F1A3494A3618EE819316AAD1D58433F236A759D66FB4154500E01EB4E1BC1DE42046E2D652D391CB8367A1649438867A02EB"...
0
1139
by: OG | last post by:
Hello, I would like to share cookies across various web based apps, and from what I understand your apps can do this as long as they all belong to the same domain. For example app1.mydomain.com can share cookies with app2.mydomain.com, as long as you specify ".mydomain.com" as the cookie's domain. However, I'm trying to share cookies in an environment where the domains are more like app1.A.mydomain.com and app2.B.mydomain.com. It's
62
5092
by: Tony Ciconte | last post by:
I have a rather complex commercial Acc2003 application (tab controls, 50K+ lines of VBA code, etc.) that will not run well at all on Windows Vista Ultimate. I have seen posts indicating that Acc2003 MDBs should work on Vista. However, our particular file has too many problems to be viable on a Vista platform. Even converting it to an Acc2007 accdb file has no positive effect. I realize that Vista is new and should be avoided like the...
22
14914
by: K. A. | last post by:
I have two servers at work, 'A' for testing and development, and server 'B' for production. On server A, I wrote a PHP test code to login users then direct them to a personalized page. This is done in 3 steps: Step 1. Normal http login page. Step 2. A page called login.php that takes the posted username, stores it as $_SESSION, and registers it session_register("username"); user is taken to the personalized page according to his username...
10
2045
BezerkRogue
by: BezerkRogue | last post by:
I am trying to use cookies to manage session states in an ASP.NET application. The states need to persist only while the browser session is open. My web.config setting is: <system.web> <sessionState cookieless="UseCookies"/> I have tried using the following code to create the cookies: Response.Cookies("FLI").Value = cmpFLI
5
1112
by: darrel | last post by:
This is an issue I brought up probably a year or so ago, got some advice, then was sidetracked on the project until now. So, here I am again. ;o) The situation is that we have an older chunk of code I've been tasked to maintain 'as-is'. It's a CMS we wrote in ASP.net 1.1 about 4 years ago. It works. But we have one major issue and that's when people log in, maybe 5% of the time, the end up with someone elses credentials. There's...
0
9942
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9792
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
11142
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
10847
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9574
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7971
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7129
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5991
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
4220
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.