Commerce Server General - Lost cookie from non-secure to secure host


Rapidexposure

2004-07-09, 3:11 pm

I'm trying to set up a site (based on Retail) with a non-secure host name of nationalrecoverystore.com and a secure host name of rapidexposure.com. (With an application path of recovery). I can go through the site and place items into the basket and go to the summary page. On clicking checkout on the summary page the page tries to go to rapidexposure.com/recovery/crdcard.asp (https) as I believe it should but then it is redirected to the basket. It appears that it has lost the auth cookie when moving from non-secure to secure. Is there a detailed guide/docs for this situation? Any help is much appreciated.

Thank you,
--Geri
Austin Skyles [MSFT]

2004-07-09, 3:11 pm

Your problem is rooted in the browser rules for cookies. A browser will not
send a cookie to a domain other than the one it was created for. In your
example, the cookie belongs to domain nationalrecoverystore.com and you are
expecting it to be transmitted to rapidexposure.com; this violates the
browser rules and the cookie will not be sent. As an alternative, you could
supply the cookie code to the rapidexposure.com domain in the URL redirect
query string, and have the page at rapidexposure.com write out the cookie
from that domain.

Austin Skyles

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
© 2002 Microsoft Corporation. All rights reserved.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
Get Secure! For more info visit http://www.microsoft.com/security.
Please reply to the newsgroups only. Thanks
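One way to harden the query-string hand-off suggested above, as an added example rather than code from the thread or from Commerce Server: instead of the raw cookie value, the URL carries a short-lived, single-use, HMAC-signed token that the secure host verifies before writing its own cookie. The `handoff` parameter name, the shared key, the one-minute lifetime and the in-memory nonce set are assumptions.

```javascript
const crypto = require("node:crypto");

const TTL_MS = 60_000;        // assumption: token valid for one minute
const usedNonces = new Set(); // assumption: in-memory; both hosts' servers need a shared store

const b64u = (data) => Buffer.from(data).toString("base64url");
const sign = (key, payload) =>
  crypto.createHmac("sha256", key).update(payload).digest();

// Runs on the non-secure host just before the redirect to checkout.
// sessionRef is whatever server-side reference identifies the basket/session.
function issueHandoff(key, sessionRef, now = Date.now()) {
  const payload = b64u(JSON.stringify({
    sid: sessionRef,
    exp: now + TTL_MS,
    nonce: b64u(crypto.randomBytes(16)),
  }));
  return payload + "." + b64u(sign(key, payload));
}

// Runs on the secure host. Returns the session reference, or null when the
// token is malformed, forged, expired or has already been redeemed.
function redeemHandoff(key, token, now = Date.now()) {
  const [payload, mac, ...rest] = String(token).split(".");
  if (!payload || !mac || rest.length) return null;
  const expected = sign(key, payload);
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // The payload is parsed only after its MAC has been verified.
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (now > claims.exp || usedNonces.has(claims.nonce)) return null;
  usedNonces.add(claims.nonce); // single use: a replayed URL is rejected
  return claims.sid;
}

// Builds the redirect target; "handoff" is a hypothetical parameter name.
function checkoutRedirect(key, sessionRef) {
  const url = new URL("https://rapidexposure.com/recovery/crdcard.asp");
  url.searchParams.set("handoff", issueHandoff(key, sessionRef));
  return url.toString();
}
```

After a successful redeem, the secure host sets its own cookie with the Secure and HttpOnly attributes and redirects to a URL that no longer carries the token, which keeps it out of later Referer headers and bookmarks.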


Rapidexposure

2004-07-09, 3:11 pm

Thanks, I thought perhaps there was some magic going on under the covers in Commerce Server. From your response I have to assume that unless I write special code to enable the "pass" from one domain to another (via URL) my only options are to stay in the same base domain (i.e., nationalrecoverystore.com --> secure.nationalrecoverystore.com) -- is this true? Thanks again for your response.
--Geri


"Austin Skyles [MSFT]" wrote:

> Your problem is rooted in the browser rules for cookies. A browser will not
> send a cookie to a domain other than the one it was created for. In your
> example, the cookie belongs to domain nationalrecoverystore.com and you are
> expecting it to be transmitted to rapidexposure.com, this violates the
> browser rules and the cookie will not be sent. As an alternative, you could
> supply the cookie code to the rapidexposure.com domain in the URL redirect
> query string, and have the page at rapidexposure.com write out the cookie
> from that domain.
>
> Austin Skyles
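The cookie scoping rule discussed in this thread, and the same-base-domain option raised in the follow-up, modelled as an added example (not code from the thread or from Commerce Server). It follows the RFC 6265 domain-match and host-only rules; the cookie objects are constructed, public-suffix checks are left out, and the crdcard.asp URL on the secure subdomain is an assumption.

```javascript
// Added example: RFC 6265 cookie scoping. Cookie objects are constructed.

// RFC 6265 5.1.3: host equals the cookie domain, or ends with "." + domain.
// IP-address hosts never suffix-match.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// What a browser stores for a Set-Cookie received from originHost.
// domainAttr is the Domain attribute, or null when the server omitted it.
// Public-suffix rejection (e.g. Domain=com) is left out of this model.
function storeCookie(originHost, domainAttr, secure) {
  if (domainAttr === null) {
    return { domain: originHost.toLowerCase(), hostOnly: true, secure };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may only set cookies for itself or one of its parent domains.
  if (!domainMatch(originHost, domain)) return null;
  return { domain, hostOnly: false, secure };
}

// Would the browser attach the stored cookie to a request for url?
function wouldSend(cookie, url) {
  const { protocol, hostname } = new URL(url);
  if (cookie.secure && protocol !== "https:") return false;
  return cookie.hostOnly
    ? hostname.toLowerCase() === cookie.domain
    : domainMatch(hostname, cookie.domain);
}

const shop = "nationalrecoverystore.com";
const hostOnly = storeCookie(shop, null, false);     // no Domain attribute
const parentScoped = storeCookie(shop, shop, false); // Domain=nationalrecoverystore.com
const checkout = "https://rapidexposure.com/recovery/crdcard.asp";
const sameBase = "https://secure.nationalrecoverystore.com/recovery/crdcard.asp";

for (const [name, c] of [["host-only", hostOnly], ["Domain-scoped", parentScoped]]) {
  console.log(name, "->", checkout, wouldSend(c, checkout));
  console.log(name, "->", sameBase, wouldSend(c, sameBase));
}
```

Under these rules the move from http to https is not what drops the cookie: only the Domain-scoped cookie reaches the secure subdomain, and neither cookie reaches rapidexposure.com.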

Copyright 2003 - 2008 webservertalk.com