starwiz Posted July 6, 2003 Posted July 6, 2003 When a user enters my site, I write out an ID for that hit to a session variable...my session IDs are kept in cookies. Everything works well for what I'm trying to do...until the user moves to the secure portion of my site. As soon as he or she does that, the session cookie in which I keep the ID is invalidated, and I lose the cookie. The secure domain is simply "secure.mydomain.com". I could store the session ID in the URL, but there are other problems working against that; I'd rather keep it in a cookie. So how can I keep the cookie (and the user session) across two domains? Thanks for your help; I really appreciate it. -Starwiz Quote
*Gurus* Derek Stone Posted July 6, 2003 *Gurus* Posted July 6, 2003 If you set the Domain property of the cookie to "mydomain.com", you should have no problems reading it from "secure.mydomain.com". Sessions cookies are invalidated when the browser is closed, not when the user leaves the site. Quote Posting Guidelines
starwiz Posted July 6, 2003 Author Posted July 6, 2003 First of all, because they're cookies created by ASP.net for session variables, I'm not sure how to change the domain property of them. Secondly, if the domain property of those cookies is automatically set correctly by ASP.net, what else could be causing this problem, and how would I go about fixing it? (i.e. why would it seem like I'm losing the cookie, and how can I fix it?) Quote
*Gurus* Derek Stone Posted July 7, 2003 *Gurus* Posted July 7, 2003 When a session starts write out its associated ID to a cookie and poll it from the secure server when need be. You will not be able to keep the session across the servers, however the ID you wrote out to the cookie will be accessible from the secure server, allowing you to create a new session and continue the user's transaction seamlessly. Realize this isn't elegant, but session nature is the inhibitive factor in this case. Quote Posting Guidelines
starwiz Posted July 12, 2003 Author Posted July 12, 2003 When a session starts write out its associated ID to a cookie and poll it from the secure server when need be. I'm trying that, and it's not working. If the domain of the cookie is secure.mydomain.com, it can only be written to the user's computer from secure.mydomain.com. The user doesn't enter secure.mydomain.com first, so I can't write it out like that. However, this cookie can be read by the secure site. If I change the domain of that cookie to mydomain.com, my program in the secured portion of the site cannot read the cookie (this very well could be a problem with my code...I haven't a clue), and that cookie cannot be written by the secured pages. What am I doing wrong? In case it helps, my code for reading and writing the cookie follows: Public Sub WriteSessionHitID() AdvanceNextHitID() mySession(SessionHitIdName) = NextHitID - 1 'NextHitID is a property that returns an int Dim Cookie As New System.Web.HttpCookie(CookieName) 'cookiename is a constant... Cookie.Domain = CookieDomain 'Cookiedomain is a constant for the domain of the cookie Cookie.Secure = True 'doesn't seem to make a difference Cookie.Expires = System.DateTime.Now.AddDays(CookieDays) 'currently, cookiedays = 1...it's another constant Cookie.Value = NextHitID - 1 myResponse.Cookies.Add(Cookie) End Sub Public ReadOnly Property SessionHitID() As Integer Get Try 'try to get it from the session first Return CInt(mySession(SessionHitIdName)) 'if this doesn't work, try the cookie, accessed by the secure site Catch Try 'try to get it from the cookie, next Return CInt(myRequest.Cookies(CookieName).Value) 'if the cookie isn't out there either... Catch Return 0 End Try End Try End Get End Property Thanks a lot for any help you can give me... -Starwiz Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.