Cookies working on intranet but NOT working on Internet

M

Martin Heuckeroth

Hi

We are working on a webservice application and are having some
problems with the cookies and/or sessions.

We have them working on our intranet but then its not working on the
internet. We have been looking our asses off but can not find a
working solution.

the code we came up with is ...

Public Sub SetCookies(ByVal cUserAlias, ByVal nUserID)
Response.Cookies("userInfo")("userAlis") = cUserAlias
Response.Cookies("userInfo")("userID") = nUserID
Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(1)
End Sub

If Not Request.Cookies("userInfo") Is Nothing Then
cUserAlias =
Server.HtmlEncode(Request.Cookies("UserInfo")("userAlias"))
nUserId =
Server.HtmlEncode(Request.Cookies("UserInfo")("userID"))
End If

What are we doin wrong. Why is there no cookie created when we logon
to our project over the internet and IS there a cookie created when we
logon over our intranet. Any help is appreciated

Martin
 
J

JiangZemin

Hi,
I would guess (not knowing how you are setup) this has something to do with
how your intranet and internet sites have different domains and this is
affecting how IE is dealing with cookie security.
You may need to implement P3P privacy policy on the servers in order for
cookies to work (its easy). This is not really a .NET problem but more of a
"dang, why did they put that feature in IE6" problem. Please refer to this
short article:
http://www.microsoft.com/windowsxp/using/security/learnmore/ie6.mspx

For example, your intranet site might be acting as a third-party site to
your first-party internet site, and by default IE6 blocks third-party
cookies. You can try testing this by setting IE6 cookie security to "accept
all cookies" and see what happens.

Another alternative to the P3P thing is if you have control over all users
browsers, you could change their Privacy settings in their browsers, to
override the IE6 defaults.

HTH,
Premier JiangZemin
 
J

JiangZemin

PS.
I assume the difference in spelling "userAlis" vs. "userAlias" in your code
is just a copy-and-paste bug, and not in your actual code?
-Premier JiangZemin
 
M

MartinH

Thx for your concern. Indeed, it's a typo :D


PS.
I assume the difference in spelling "userAlis" vs. "userAlias" in your code
is just a copy-and-paste bug, and not in your actual code?
-Premier JiangZemin
 
M

MartinH

Hi,

Thanks for your answer. You spotted the problem. Indeed, its all
working when i working when i adjust the privacy settings in my
browser from medium to accept all cookies.

Can you deliver any insight on setting the priviacy policy on the
website to have the browser accept the cookies? Or steer me in the
right direction?

Tia, Martinh
 
J

JiangZemin

Hi,
these links should help:
http://msdn.microsoft.com/library/d...rity/privacy/overview/createprivacypolicy.asp

http://support.microsoft.com/?kbid=324013

The easiest thing to do is to just add compact policies to HTTP headers,
thru IIS. This can be done very quickly, esp. if you just use some sample
policies which is kind of cheating, but this might not be the "right" thing
to do, depending on the likelihood of your site getting sued by a user who
somehow discovers that your compact policy doesnt actually reflect your
company's privacy policy, and gets upset enough to call a lawyer.
Actually i think the chances of that happening for most sites are almost
zero, and ive never heard of any cases where P3P is anything more than an
annoying "feature" that trips up a lot of people. So i would guess the
majority of web programmers just take the easy way out and add this dummy
header which -should- be enough to fool IE into thinking that a compact
policy exists:
CP="TST". If you use that dummy header make sure to test it with latest
version of IE6, with "medium" setting.

On the other end of the scale you could get your company's legal dept
involved in crafting the privacy policy for your site, and work with them to
translate it according to the P3P spec. But that could take a while. :^P

HTH,
Premier JiangZemin
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,733
Messages
2,569,439
Members
44,829
Latest member
PIXThurman

Latest Threads

Top