Do domains override cookies? Why?

Discussion in 'ASP General' started by Guest, Aug 21, 2004.

  1. Guest

    Guest Guest

    I think I may have a problem with the user of cookies in my centralized
    logon and registration system that I hoped could be consumed by all the
    sub-domains on my remote host IP.

    I built the application in the root of the IP and redirect the user back to
    his requested page after his Login. Just before this I set a permanent
    cookie.

    But, it appears when the user gets back to the page its GONE.

    However, if I go to the same address via IP and correct folder path IT is.

    How can this be...I thought a cookie was written to the browser...what
    difference does the domain make....can I salvage this application without
    having to deploy it in mutliple sub-domains?

    Appreciate any help here.
    Jason
     
    Guest, Aug 21, 2004
    #1
    1. Advertising

  2. Guest

    Guest Guest

    Ok...I just figured this out in my head...if this was not so, I could read
    cookies set by eg: Amazon...this makes sense.

    But, surely since I control the domains and sub-webs on my remote web host
    IP I should be able to somehow work around this.....

    I cannot believe one has to deploy duplcate registration/login systems to
    seperate folders on the same IP even if they have different domains?

    There must be a way for me to overcome this?

    Appreciate some help here.

    Thanks
    Jason
    <> wrote in message
    news:udQ$i%...
    > I think I may have a problem with the user of cookies in my centralized
    > logon and registration system that I hoped could be consumed by all the
    > sub-domains on my remote host IP.
    >
    > I built the application in the root of the IP and redirect the user back

    to
    > his requested page after his Login. Just before this I set a permanent
    > cookie.
    >
    > But, it appears when the user gets back to the page its GONE.
    >
    > However, if I go to the same address via IP and correct folder path IT is.
    >
    > How can this be...I thought a cookie was written to the browser...what
    > difference does the domain make....can I salvage this application without
    > having to deploy it in mutliple sub-domains?
    >
    > Appreciate any help here.
    > Jason
    >
    >
     
    Guest, Aug 21, 2004
    #2
    1. Advertising

  3. wrote:
    > Ok...I just figured this out in my head...if this was not so, I could
    > read cookies set by eg: Amazon...this makes sense.
    >
    > But, surely since I control the domains and sub-webs on my remote web
    > host IP I should be able to somehow work around this.....
    >
    > I cannot believe one has to deploy duplcate registration/login
    > systems to seperate folders on the same IP even if they have
    > different domains?
    >
    > There must be a way for me to overcome this?
    >


    Use a database instead of cookies.

    Bob Barrows
    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], Aug 21, 2004
    #3
  4. Guest

    Guest Guest

    My system is built on top of a database. If the user does not have cookies
    he has to login each time to see the desiired page...problem getting the
    cookies across domains.

    I did consider this idea:
    http://www.asp101.com/articles/chris/transfercookies/default.asp
    ...but seems messy.

    I also realise Aaron has a different approach with his js shopping
    cart...but unclear how to adapt my code to fit either of the above models.

    - Jason


    "Bob Barrows [MVP]" <> wrote in message
    news:...
    > wrote:
    > > Ok...I just figured this out in my head...if this was not so, I could
    > > read cookies set by eg: Amazon...this makes sense.
    > >
    > > But, surely since I control the domains and sub-webs on my remote web
    > > host IP I should be able to somehow work around this.....
    > >
    > > I cannot believe one has to deploy duplcate registration/login
    > > systems to seperate folders on the same IP even if they have
    > > different domains?
    > >
    > > There must be a way for me to overcome this?
    > >

    >
    > Use a database instead of cookies.
    >
    > Bob Barrows
    > --
    > Microsoft MVP - ASP/ASP.NET
    > Please reply to the newsgroup. This email account is my spam trap so I
    > don't check it very often. If you must reply off-line, then remove the
    > "NO SPAM"
    >
    >
     
    Guest, Aug 21, 2004
    #4
  5. Guest

    Guest Guest

    Bob, as I understand it the Database ID approach (instead of cookies or
    sessions) involves generating a unique id for a user when he enters the site
    or my 'secure page' for the first time...I understand this. But this is what
    I don't get:

    1. Even If I generate a random ID for the user, how will I know or
    'Remember' who is he is the next time he enters the site...as soon he leaves
    that resident
    ID in the database user table cannot be assigned back to him on his return
    as I have no idea who is he is.

    I understand that is great for tracking Anon users around the site but even
    if force him to register or re-login in a certain point I still don't see
    how I can 'remember' who is without using cookies.

    Thanks
    Jason




    <> wrote in message
    news:%23xBm%...
    > My system is built on top of a database. If the user does not have cookies
    > he has to login each time to see the desiired page...problem getting the
    > cookies across domains.
    >
    > I did consider this idea:
    > http://www.asp101.com/articles/chris/transfercookies/default.asp
    > ..but seems messy.
    >
    > I also realise Aaron has a different approach with his js shopping
    > cart...but unclear how to adapt my code to fit either of the above models.
    >
    > - Jason
    >
    >
    > "Bob Barrows [MVP]" <> wrote in message
    > news:...
    > > wrote:
    > > > Ok...I just figured this out in my head...if this was not so, I could
    > > > read cookies set by eg: Amazon...this makes sense.
    > > >
    > > > But, surely since I control the domains and sub-webs on my remote web
    > > > host IP I should be able to somehow work around this.....
    > > >
    > > > I cannot believe one has to deploy duplcate registration/login
    > > > systems to seperate folders on the same IP even if they have
    > > > different domains?
    > > >
    > > > There must be a way for me to overcome this?
    > > >

    > >
    > > Use a database instead of cookies.
    > >
    > > Bob Barrows
    > > --
    > > Microsoft MVP - ASP/ASP.NET
    > > Please reply to the newsgroup. This email account is my spam trap so I
    > > don't check it very often. If you must reply off-line, then remove the
    > > "NO SPAM"
    > >
    > >

    >
    >
     
    Guest, Aug 21, 2004
    #5
  6. Guest

    Guest Guest

    Ok, I took a look at the cart example off aspfaq. I entered the site three
    time in 5 minutes and was assigned a unique id:

    (7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
    (8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
    (9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM

    This means I one person could end up having hundreds of unique ides and this
    is PRIOR to getting him to login or register for the first time.

    Does this not create huge database performance overheads - even in sql
    server.....

    As my sites are built informational pages that require registration or
    re-logging in I am struggling to work out how to use this system.

    Would I have to assign a 'Master ID' once he registers which all the
    previous anon ids are linked to.......

    Thanks
    Jason
     
    Guest, Aug 21, 2004
    #6
  7. Guest

    Roland Hall Guest

    <> wrote in message
    news:...
    : Ok, I took a look at the cart example off aspfaq. I entered the site three
    : time in 5 minutes and was assigned a unique id:
    :
    : (7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
    : (8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
    : (9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM
    :
    : This means I one person could end up having hundreds of unique ides and
    this
    : is PRIOR to getting him to login or register for the first time.
    :
    : Does this not create huge database performance overheads - even in sql
    : server.....
    :
    : As my sites are built informational pages that require registration or
    : re-logging in I am struggling to work out how to use this system.
    :
    : Would I have to assign a 'Master ID' once he registers which all the
    : previous anon ids are linked to.......

    Jason...

    A cookie is stored on a client. You are gambling that the user will never
    delete the cookie. If they do, they have to get a new cookie so what is the
    difference with using a GUID vs a cookie? The GUID is stored in the
    database so you know who the user is each time, however, they will have to
    logon or you could also use a cookie and log them in if it's set, if not,
    offer them to either logon with their username/password if a repeat visitor
    or allow them to create an account if they're new.

    Users are used to logging in. If you rely on a client-side solution, you
    have no control over it's longevity. If you use GUIDs, you have control but
    the users have to logon, IF their cookie is not set, considering you use
    both. The only other option is don't track them.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
    MSDN Library - http://msdn.microsoft.com/library/default.asp
     
    Roland Hall, Aug 22, 2004
    #7
  8. Guest

    Guest Guest

    Hi Roland....actually my current system degrades gracefully depending on
    whether:

    1. Cookies disabled
    2. Cookies deleted

    If either of these conditions is true I FORCE the user to login each and
    every time he comes through a secure page.

    I have also made sure there is an additionaly database check for the expiry
    date which overrides the cookie expiry date if need be.

    I now understand that the GUID approach does not allow 'REMEMBERENCE' that
    cookies can allow. This is what is was throwing me.

    When I was looking at Aaron's example I thought perhaps there was some
    rememberence in there but now I realise it only lasts for the
    duration of the user session and it is up to me to still add in login
    security with NO rememberence.

    I am now trying to work out a way to allow my centralized IP lognn system to
    be consumed by children domains on the IP.

    I realise that cookies do not work across domains but I have found two
    possible solutions:

    1. Javascript include:
    http://www.pathlore.com/customer/support/tech_tip_may2003.asp

    2. Image download method:

    http://www.eggheadcafe.com/ng/microsoft.public.inetserver.asp.components
    /post196513.asp

    3. Redirect method:

    http://www.asp101.com/articles/chris/transfercookies/default.asp

    - Jason




    My biggest problem now is finding a way
    "Roland Hall" <nobody@nowhere> wrote in message
    news:...
    > <> wrote in message
    > news:...
    > : Ok, I took a look at the cart example off aspfaq. I entered the site

    three
    > : time in 5 minutes and was assigned a unique id:
    > :
    > : (7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
    > : (8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
    > : (9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM
    > :
    > : This means I one person could end up having hundreds of unique ides and
    > this
    > : is PRIOR to getting him to login or register for the first time.
    > :
    > : Does this not create huge database performance overheads - even in sql
    > : server.....
    > :
    > : As my sites are built informational pages that require registration or
    > : re-logging in I am struggling to work out how to use this system.
    > :
    > : Would I have to assign a 'Master ID' once he registers which all the
    > : previous anon ids are linked to.......
    >
    > Jason...
    >
    > A cookie is stored on a client. You are gambling that the user will never
    > delete the cookie. If they do, they have to get a new cookie so what is

    the
    > difference with using a GUID vs a cookie? The GUID is stored in the
    > database so you know who the user is each time, however, they will have to
    > logon or you could also use a cookie and log them in if it's set, if not,
    > offer them to either logon with their username/password if a repeat

    visitor
    > or allow them to create an account if they're new.
    >
    > Users are used to logging in. If you rely on a client-side solution, you
    > have no control over it's longevity. If you use GUIDs, you have control

    but
    > the users have to logon, IF their cookie is not set, considering you use
    > both. The only other option is don't track them.
    >
    > --
    > Roland Hall
    > /* This information is distributed in the hope that it will be useful, but
    > without any warranty; without even the implied warranty of merchantability
    > or fitness for a particular purpose. */
    > Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
    > WSH 5.6 Documentation -

    http://msdn.microsoft.com/downloads/list/webdev.asp
    > MSDN Library - http://msdn.microsoft.com/library/default.asp
    >
    >
     
    Guest, Aug 23, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Fred Palmer

    Managing cookies for multiple domains

    Fred Palmer, Jul 3, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    520
    Fred Palmer
    Jul 3, 2003
  2. Ashish

    cookies for domains.

    Ashish, Nov 18, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    1,279
    Bruce Barker
    Nov 19, 2005
  3. Jimmy
    Replies:
    1
    Views:
    984
    Cowboy \(Gregory A. Beamer\)
    Nov 21, 2006
  4. Mr. SweatyFinger
    Replies:
    2
    Views:
    2,216
    Smokey Grindel
    Dec 2, 2006
  5. _Who
    Replies:
    7
    Views:
    2,768
Loading...

Share This Page