Sharing Cookies Across Different Domains And Different Applications?
Jan 24, 2011Is there a way to share cookies across different domains and different applications (classic ASP and ASP.NET)
View 4 RepliesIs there a way to share cookies across different domains and different applications (classic ASP and ASP.NET)
View 4 RepliesI have 2 applications. One on asp.net webforms [URL] which should provide authentication, user logs in and I can use the cookie to authenticate on my asp.net mvc app located at [URL]. All I'd like to do is able to access the cookie so I can get the userId that was stored in it using the FormsAuthentication.
They use normal authentication provided by microsoft;
<authentication mode="Forms">
<forms domain="test.com" loginUrl="Default.aspx" protection="All" path="/" requireSSL="false" timeout="45" name=".ASPXAUTH" slidingExpiration="true" defaultUrl="Default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false"/>
</authentication>
This cookie should be accessible to any submain on [URL] right?
i want to maintain session data between two applications or domains [URL]. I have read on net about this, but many people pointing many different ways to do it, with people commenting +ve and -ve responses to all. Plus many are just providing theoretical answer, do this and that ,but no code at all. are these steps all that is required?
1) in web.config: <httpCookies domain=".[URL]"/>
2) store session data in sql DB as:(after preparing the db for storing sessions)
<sessionState mode="SQLServer" sqlConnectionString="Data Source=YourServer;
Integrated Security=True;database=MySessionDB" sqlCommandTimeout="30"
allowCustomSqlDatabase="true"/>
<machineKey decryption="AES" validation="SHA1" decryptionKey="..." validationKey="..." />
3)Am confused about this one: i want to set the domain for the session cookie like this
Response.Cookies["ASP.NET_SessionId"].Domain = ".[URL]";
But where should this code be written?
this entry: [URL]says: use System.Web.SessionState.SessionIDManager as a base class but the SaveSessionID method is not virtual so cannot be overridden. Options are: either explicitly re-implement the interface method or decorate SessionIDManager class and after calling SessionIDManager.SaveSessionID set Response.Cookies[SessionIdCookieName].Domain to our domain.
Only if the author had provided real code, step 3 would have been clear. Plus all this 3 steps enough to share session among the domains?
I have a .net webapplication with the following domains:
www.domain.com
sub.domain.com
files.domain.com
When a user is logged on to domain.com or sub.domain.com, I'd like them to share session state (i.e. be logged into both domains at once). This is possible to do by setting the domain on the session coookie to be ".domain.com". However, my problem is that the domain "files.domain.com" should not have session state due to security issues (xss attacks from user-made files hosted on that domain is an issue).
Is it possible in ASP.NET to use the same asp.net session id for these two domains, but not the third one?
So I know you can share your cookies across subdomains eg. staging.mysite.com and www.mysite.com etc by setting the domain of the cookies to ".mysite.com"
BUT, is there a way to share across all the sub domains EXCEPT one. e.g. the cookies will not persist on images.mysite.com?
Trying to share cookies accross 2 domains in asp.net, for some reason 1 domain has a '.' before the domain, and the other doesn't.
Why is that? e.g:
.staging.example.com
and
staging.example.com
Is this something to do with how I create the cookie, or a web.config change?I am not using forms authentication, just creating a cookie manually.
I am setting the cookie domain like:
HttpCookie c = new HttpCookie("blah");
c.Value = "123";
c.Expires = DateTime.Now.AddHours(12);
c.Domain = ".staging.example.com";
Response.Cookies.Add(c);
For some reason not getting the '.' in the cookie.
read a cookie of a site with a different domain? I am currently trying to avoid an extra of step of logging into a website that I am currently developing.
View 1 RepliesI have several applications in different domains with the same code, how feasible that through the admin domain [URL] read the file. aspx.
If I upgrade an application, I copied every current updates on all domains.
I could use to copy the file only once on the server [URL] and in all domains, the update fixes.
I'm working on an intranet system (.NET 3.5); the main pages are served up from a standard ASP.NET server. I would like to use Ajax on those pages to contact a WCF service running on a different machine, to retrieve data, do CRUD operations - the usual Ajax stuff.
The problem I'm trying to resolve is: can I take cookies which were set by the ASP.NET server, and include them on requests to the WCF service? If so, how?
My understanding is that JSONP bypasses XSS restrictions by "wrapping" the Ajax request within a standard <script src="MyAjaxCall?SomeData=SomeValue"> tag. With that in mind, it would seem I'm at the mercy of the browser as to which cookies (if any) will be included in MyAjaxCall. Since the cookies originate from the ASP.NET server, the browser likely won't include them in the call to WCF.
Since this is an intranet application, I cannot necessarily rely on domain wildcarding (*.mydomain.com) to make sure the cookies are shared across multiple machines - the client may well be accessing machines by their simple network name or even IP address directly.
edit: accepting Julian's answer, since using JS to manually grab a cookie's payload and jam it onto the URL seems like the only way to work-around the restriction (tho it feels somewhat inelegant :)
In my website I am maintaining cookies for the login so that if I open the browser again then no need to login again.
But when I am switching browser(from ie to ff or viceversa) then the cookies are lost and the user is not identified, I want to maintain them in this scenario also.
I have a web application (MainApplication) where many of the pages contain a custom Web Control that looks for some content in a cache. If it can't find any data within the cache, then it goes out to a database for the content. After retrieving the content, the Control displays the content on the page.
There is a web application (CMS) in a subdirectory within the aforementioned web application. Users use this CMS to update the content pulled in by the MainApplication.
When a user updates some content using the CMS, I need the CMS to clear the relevant portion of the cache used by the MainApplication. The problem is that, as two different web applications, they can't simply interact with the same static cache object.
The ideal solution would be to somehow share an instance of a cache object between both web applications.
Failing that, what would be the best (performance-wise) way of communicating between the two web applications? Obviously, writing/reading to a database would defeat the purpose. I was thinking about a flat file?
I begin with MVC and this technology is very efficient !
I would like to create several applications mapped with a common applicaton Users Accounts. The aim is to isolate logical parts. The problem is always the same : how to communicate easily between users db and appli db ? Do I continue to use my poor View mechanism from SQL Server (db1.Users.UserId inner join db2.Users.UserId) or is it a better way with super MVC?
I have to different .Net applications running simultaneously. Assume both are windows / web applications.When I update some data in application A
correspondingly data in application B must be updated.
I have multiple projects that need to share resource files (.resx) Suggestions have been made to move resource files to a separate assembly and have web projects reference it. Is there an example of how to do this?
Do I create a new Class Library project and move App_GlobalResource folder inside of that? I don't think that will work because code classes that are generated for resource files are marked as 'internal' which means that they can not be accessed outside of this assembly.
I have 2 almost identical asp.net (vb) applications. 1 Development and 1 Production.
They use forms authentication that is configured to run in SQL server. Both apps use the same aspnetdb database but have different application names.
The problem I have is:I have an Identical login for each app (same username, same password), but If I change profile information for that user in the development app, the changes are reflected in production app. This isn't what I want.
Is it possible to share a cache between multiple ASP.NET applications? The apps may reside on different servers. How can one achieve this requirement?
View 1 RepliesI would like to share the session variables between 2 applications. basically I have a website and in there I have 2 applications and want to share the session object betwen the two. Is there a way to set something in web.config to enable this?
View 2 RepliesI have an asp.net solution in which there are two web application projects (client website and admin website) and also a class liabrary project in the same solution . In the live production server, the admin web app is within the client app (eg: client site= [URL] and admin site=[URL]). A class (with static variables) in class liabrary is userd to cache data. My problem is that i cannot get the changes to the static cache by one web project reflected to the other (becoz, i think, they seem to load in seperate appdomains).
View 3 RepliesI have 2 applications App1 and App2 on same domain, both with Forms authentication, each using a different database instance for authentication.
First, I open a browser with application www.mydomain.com/App1 and log on.
After that, when I open another instance of the same browser with application www.mydomain.com/App2 and log on, first browser loses session and goes back to login page.
I need each application on same domain to have its own session so that both can stay logged on.
I have two different IIS applications within the same domain(let us say www.mydomain.com) , both of these applications use the same database instance(same connectionstring), now what I want is that both of applications can see each sessions variables , can SQL Server session state mode helps in this case? Did someone try that before? Is there any other way to share the session variables?
View 3 RepliesI have a main domain "mydomain.com" and then a sub domain "forums.mydomain.com". If a user visits "forums.mydomain.com" without being logged in, they are redirected to "mydomain.com/login.aspx".
The two scenarios are:
If they are redirected to the login page with "mydomain.com/login.aspx?ReturnUrl=http://forums.mydomain.com", then they are succesfully logged into the forums but NOT the main site.
If they are simply redirected to the login page with "mydomain.com/login.aspx" with no returnUrl, they are correctly logged into both the main site and the forums.
I see on the bottom of blog pages a sharing buttons (Twitter and Facebook), where if clicked the link behind (which is normally the blog page url) the fshare button takes the clicker to the blog site facebook page respectively.
How does one do this in asp.net 2 , does one one use the <%# %> in the url part of these share buttons, are there any examples of how this is done?
I'm handling cookies using JavaScript to store some values in my asp.net web application.I use document.cookie to save some values (converted into a lengthy string). But i want that value to be accessible across all the pages in my application.When i try to get that value from a different page, i get the values pertaining to the document in the current URL.
In short i save the value in the cookie in http://myapp/doc1.aspx and want to retrieve it in http://myapp/doc2.aspx
So is document.cookie is pertaining to a single document scope? How can i save/read cookies across the site?
Update.This is how i get and set cookies
function getCookie(c_name)
{
try{ [code]...
But i'm getting different values for the cookies in different pages.
I've been worked with web services so far, and I'm interested in expanding my services to console applications as well so I started digging up with WCF but I'm conserned that I won't be able to use the HttpContext collection that I've been used to do with web services one important thing which is to generate a random value from HttpContext.Current.Request.ServerVariables["ALL_HTTP"] that I need to reckon if it's the same or at least near what machine that is calling my service. How can I overcome this problem?
I need to know what machine is calling to count the number of attempts to login into my system for example. So must do it inside of the svc code otherwise if I let the client inform what ip address or what computer he is using, anyone could forge this argument and surpass by another machine. May be I'm approaching this matter wrongly. And I should count the number of attempts per state session, but how is it done?
Our corporate intranet is designed so that each web application is a child application in the primary application.. Everything has worked fine with Visual Studio 2008 and even in 2010 running the website locally works great, the output directory for the child apps is ..in and the ProjectName.dll copies to that directory.. When I do a publish however it does not and I have to manually copy the dll from the bin folder in the project folder to the parent bin folder, this isn't hard of course but more of a pain in the butt each time I need to publish something. I made sure the output directory is correct for both debug and release yet on publish is just copies it to the child bin and not the parent bin as needed.
View 2 Replies