Cookies working on intranet but NOT working on Internet

Discussion in 'ASP .Net' started by Martin Heuckeroth, Mar 24, 2005.

  1. Hi

    We are working on a webservice application and are having some
    problems with the cookies and/or sessions.

    We have them working on our intranet but then its not working on the
    internet. We have been looking our asses off but can not find a
    working solution.

    the code we came up with is ...

    Public Sub SetCookies(ByVal cUserAlias, ByVal nUserID)
    Response.Cookies("userInfo")("userAlis") = cUserAlias
    Response.Cookies("userInfo")("userID") = nUserID
    Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(1)
    End Sub

    If Not Request.Cookies("userInfo") Is Nothing Then
    cUserAlias =
    Server.HtmlEncode(Request.Cookies("UserInfo")("userAlias"))
    nUserId =
    Server.HtmlEncode(Request.Cookies("UserInfo")("userID"))
    End If

    What are we doin wrong. Why is there no cookie created when we logon
    to our project over the internet and IS there a cookie created when we
    logon over our intranet. Any help is appreciated

    Martin
    Martin Heuckeroth, Mar 24, 2005
    #1
    1. Advertising

  2. Martin Heuckeroth

    JiangZemin Guest

    Hi,
    I would guess (not knowing how you are setup) this has something to do with
    how your intranet and internet sites have different domains and this is
    affecting how IE is dealing with cookie security.
    You may need to implement P3P privacy policy on the servers in order for
    cookies to work (its easy). This is not really a .NET problem but more of a
    "dang, why did they put that feature in IE6" problem. Please refer to this
    short article:
    http://www.microsoft.com/windowsxp/using/security/learnmore/ie6.mspx

    For example, your intranet site might be acting as a third-party site to
    your first-party internet site, and by default IE6 blocks third-party
    cookies. You can try testing this by setting IE6 cookie security to "accept
    all cookies" and see what happens.

    Another alternative to the P3P thing is if you have control over all users
    browsers, you could change their Privacy settings in their browsers, to
    override the IE6 defaults.

    HTH,
    Premier JiangZemin

    "Martin Heuckeroth" <> wrote in message
    news:...
    > Hi
    >
    > We are working on a webservice application and are having some
    > problems with the cookies and/or sessions.
    >
    > We have them working on our intranet but then its not working on the
    > internet. We have been looking our asses off but can not find a
    > working solution.
    >
    > the code we came up with is ...
    >
    > Public Sub SetCookies(ByVal cUserAlias, ByVal nUserID)
    > Response.Cookies("userInfo")("userAlis") = cUserAlias
    > Response.Cookies("userInfo")("userID") = nUserID
    > Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(1)
    > End Sub
    >
    > If Not Request.Cookies("userInfo") Is Nothing Then
    > cUserAlias =
    > Server.HtmlEncode(Request.Cookies("UserInfo")("userAlias"))
    > nUserId =
    > Server.HtmlEncode(Request.Cookies("UserInfo")("userID"))
    > End If
    >
    > What are we doin wrong. Why is there no cookie created when we logon
    > to our project over the internet and IS there a cookie created when we
    > logon over our intranet. Any help is appreciated
    >
    > Martin
    >
    JiangZemin, Mar 25, 2005
    #2
    1. Advertising

  3. Martin Heuckeroth

    JiangZemin Guest

    PS.
    I assume the difference in spelling "userAlis" vs. "userAlias" in your code
    is just a copy-and-paste bug, and not in your actual code?
    -Premier JiangZemin

    "Martin Heuckeroth" <> wrote in message
    news:...
    > Hi
    >
    > We are working on a webservice application and are having some
    > problems with the cookies and/or sessions.
    >
    > We have them working on our intranet but then its not working on the
    > internet. We have been looking our asses off but can not find a
    > working solution.
    >
    > the code we came up with is ...
    >
    > Public Sub SetCookies(ByVal cUserAlias, ByVal nUserID)
    > Response.Cookies("userInfo")("userAlis") = cUserAlias
    > Response.Cookies("userInfo")("userID") = nUserID
    > Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(1)
    > End Sub
    >
    > If Not Request.Cookies("userInfo") Is Nothing Then
    > cUserAlias =
    > Server.HtmlEncode(Request.Cookies("UserInfo")("userAlias"))
    > nUserId =
    > Server.HtmlEncode(Request.Cookies("UserInfo")("userID"))
    > End If
    >
    > What are we doin wrong. Why is there no cookie created when we logon
    > to our project over the internet and IS there a cookie created when we
    > logon over our intranet. Any help is appreciated
    >
    > Martin
    >
    JiangZemin, Mar 25, 2005
    #3
  4. Martin Heuckeroth

    MartinH Guest

    Thx for your concern. Indeed, it's a typo :D


    On Thu, 24 Mar 2005 20:25:12 -0500, "JiangZemin"
    <> wrote:

    >PS.
    >I assume the difference in spelling "userAlis" vs. "userAlias" in your code
    >is just a copy-and-paste bug, and not in your actual code?
    >-Premier JiangZemin
    >
    >"Martin Heuckeroth" <> wrote in message
    >news:...
    >> Hi
    >>
    >> We are working on a webservice application and are having some
    >> problems with the cookies and/or sessions.
    >>
    >> We have them working on our intranet but then its not working on the
    >> internet. We have been looking our asses off but can not find a
    >> working solution.
    >>
    >> the code we came up with is ...
    >>
    >> Public Sub SetCookies(ByVal cUserAlias, ByVal nUserID)
    >> Response.Cookies("userInfo")("userAlis") = cUserAlias
    >> Response.Cookies("userInfo")("userID") = nUserID
    >> Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(1)
    >> End Sub
    >>
    >> If Not Request.Cookies("userInfo") Is Nothing Then
    >> cUserAlias =
    >> Server.HtmlEncode(Request.Cookies("UserInfo")("userAlias"))
    >> nUserId =
    >> Server.HtmlEncode(Request.Cookies("UserInfo")("userID"))
    >> End If
    >>
    >> What are we doin wrong. Why is there no cookie created when we logon
    >> to our project over the internet and IS there a cookie created when we
    >> logon over our intranet. Any help is appreciated
    >>
    >> Martin
    >>

    >
    MartinH, Mar 31, 2005
    #4
  5. Martin Heuckeroth

    MartinH Guest

    Hi,

    Thanks for your answer. You spotted the problem. Indeed, its all
    working when i working when i adjust the privacy settings in my
    browser from medium to accept all cookies.

    Can you deliver any insight on setting the priviacy policy on the
    website to have the browser accept the cookies? Or steer me in the
    right direction?

    Tia, Martinh


    On Thu, 24 Mar 2005 20:21:55 -0500, "JiangZemin"
    <> wrote:

    >Hi,
    >I would guess (not knowing how you are setup) this has something to do with
    >how your intranet and internet sites have different domains and this is
    >affecting how IE is dealing with cookie security.
    >You may need to implement P3P privacy policy on the servers in order for
    >cookies to work (its easy). This is not really a .NET problem but more of a
    >"dang, why did they put that feature in IE6" problem. Please refer to this
    >short article:
    >http://www.microsoft.com/windowsxp/using/security/learnmore/ie6.mspx
    >
    >For example, your intranet site might be acting as a third-party site to
    >your first-party internet site, and by default IE6 blocks third-party
    >cookies. You can try testing this by setting IE6 cookie security to "accept
    >all cookies" and see what happens.
    >
    >Another alternative to the P3P thing is if you have control over all users
    >browsers, you could change their Privacy settings in their browsers, to
    >override the IE6 defaults.
    >
    >HTH,
    >Premier JiangZemin
    >
    >"Martin Heuckeroth" <> wrote in message
    >news:...
    >> Hi
    >>
    >> We are working on a webservice application and are having some
    >> problems with the cookies and/or sessions.
    >>
    >> We have them working on our intranet but then its not working on the
    >> internet. We have been looking our asses off but can not find a
    >> working solution.
    >>
    >> the code we came up with is ...
    >>
    >> Public Sub SetCookies(ByVal cUserAlias, ByVal nUserID)
    >> Response.Cookies("userInfo")("userAlis") = cUserAlias
    >> Response.Cookies("userInfo")("userID") = nUserID
    >> Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(1)
    >> End Sub
    >>
    >> If Not Request.Cookies("userInfo") Is Nothing Then
    >> cUserAlias =
    >> Server.HtmlEncode(Request.Cookies("UserInfo")("userAlias"))
    >> nUserId =
    >> Server.HtmlEncode(Request.Cookies("UserInfo")("userID"))
    >> End If
    >>
    >> What are we doin wrong. Why is there no cookie created when we logon
    >> to our project over the internet and IS there a cookie created when we
    >> logon over our intranet. Any help is appreciated
    >>
    >> Martin
    >>

    >
    MartinH, Mar 31, 2005
    #5
  6. Martin Heuckeroth

    JiangZemin Guest

    Hi,
    these links should help:
    http://msdn.microsoft.com/library/d...rity/privacy/overview/createprivacypolicy.asp

    http://support.microsoft.com/?kbid=324013

    The easiest thing to do is to just add compact policies to HTTP headers,
    thru IIS. This can be done very quickly, esp. if you just use some sample
    policies which is kind of cheating, but this might not be the "right" thing
    to do, depending on the likelihood of your site getting sued by a user who
    somehow discovers that your compact policy doesnt actually reflect your
    company's privacy policy, and gets upset enough to call a lawyer.
    Actually i think the chances of that happening for most sites are almost
    zero, and ive never heard of any cases where P3P is anything more than an
    annoying "feature" that trips up a lot of people. So i would guess the
    majority of web programmers just take the easy way out and add this dummy
    header which -should- be enough to fool IE into thinking that a compact
    policy exists:
    CP="TST". If you use that dummy header make sure to test it with latest
    version of IE6, with "medium" setting.

    On the other end of the scale you could get your company's legal dept
    involved in crafting the privacy policy for your site, and work with them to
    translate it according to the P3P spec. But that could take a while. :^P

    HTH,
    Premier JiangZemin

    "MartinH" <> wrote in message
    news:...
    >
    > Hi,
    >
    > Thanks for your answer. You spotted the problem. Indeed, its all
    > working when i working when i adjust the privacy settings in my
    > browser from medium to accept all cookies.
    >
    > Can you deliver any insight on setting the priviacy policy on the
    > website to have the browser accept the cookies? Or steer me in the
    > right direction?
    >
    > Tia, Martinh
    >
    >
    > On Thu, 24 Mar 2005 20:21:55 -0500, "JiangZemin"
    > <> wrote:
    >
    >>Hi,
    >>I would guess (not knowing how you are setup) this has something to do
    >>with
    >>how your intranet and internet sites have different domains and this is
    >>affecting how IE is dealing with cookie security.
    >>You may need to implement P3P privacy policy on the servers in order for
    >>cookies to work (its easy). This is not really a .NET problem but more of
    >>a
    >>"dang, why did they put that feature in IE6" problem. Please refer to
    >>this
    >>short article:
    >>http://www.microsoft.com/windowsxp/using/security/learnmore/ie6.mspx
    >>
    >>For example, your intranet site might be acting as a third-party site to
    >>your first-party internet site, and by default IE6 blocks third-party
    >>cookies. You can try testing this by setting IE6 cookie security to
    >>"accept
    >>all cookies" and see what happens.
    >>
    >>Another alternative to the P3P thing is if you have control over all users
    >>browsers, you could change their Privacy settings in their browsers, to
    >>override the IE6 defaults.
    >>
    >>HTH,
    >>Premier JiangZemin
    >>
    >>"Martin Heuckeroth" <> wrote in message
    >>news:...
    >>> Hi
    >>>
    >>> We are working on a webservice application and are having some
    >>> problems with the cookies and/or sessions.
    >>>
    >>> We have them working on our intranet but then its not working on the
    >>> internet. We have been looking our asses off but can not find a
    >>> working solution.
    >>>
    >>> the code we came up with is ...
    >>>
    >>> Public Sub SetCookies(ByVal cUserAlias, ByVal nUserID)
    >>> Response.Cookies("userInfo")("userAlis") = cUserAlias
    >>> Response.Cookies("userInfo")("userID") = nUserID
    >>> Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(1)
    >>> End Sub
    >>>
    >>> If Not Request.Cookies("userInfo") Is Nothing Then
    >>> cUserAlias =
    >>> Server.HtmlEncode(Request.Cookies("UserInfo")("userAlias"))
    >>> nUserId =
    >>> Server.HtmlEncode(Request.Cookies("UserInfo")("userID"))
    >>> End If
    >>>
    >>> What are we doin wrong. Why is there no cookie created when we logon
    >>> to our project over the internet and IS there a cookie created when we
    >>> logon over our intranet. Any help is appreciated
    >>>
    >>> Martin
    >>>

    >>

    >
    JiangZemin, Apr 1, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Raj

    SSL in Internet and Intranet

    Raj, Jan 19, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    420
    Miha Markic
    Jan 19, 2004
  2. Luis Esteban Valencia
    Replies:
    0
    Views:
    394
    Luis Esteban Valencia
    Oct 26, 2004
  3. _Who
    Replies:
    7
    Views:
    2,625
  4. Stephanie Stowe
    Replies:
    2
    Views:
    198
    Peter X
    Apr 7, 2004
  5. bb
    Replies:
    0
    Views:
    542
Loading...

Share This Page