|
Home > Archive > Commerce Server General > September 2005 > Sharing Cookies between HTTP and HTTPS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Sharing Cookies between HTTP and HTTPS
|
|
| BeerBoy 2005-09-27, 5:53 pm |
| I have one site with two host headers :
dev.mystore.com (http) and secure.mystore.com (https)
All works fine except when I swap between the sites - if I add
something into the basket in one and then browse to the second I want
to have the same basket - however this is not working.
I assume the reason is that they are not sharing cookies.
I've configure commerce server manager so non-secure hostname is
'dev.mystore.com' and secure hostname is 'secure.mystore.com', I have
also ticked 'Autocookie' and enabled the authentication filter. Finally
I've set the number of shared domain levels to be 2, but all this
doesn't seem to work.
When I use firefox and look at the cookies I can see the 'host' entry
is either 'secure.mystore.com' or 'dev.mystore.com' depending on the
site visited. I had somehow expected both sites to write cookies called
just 'mystore.com' ??
Has anyone got any ideas what I can try and do next in order to solve
this.
Thanks in advance,
Jim
| |
| Ravi Shankar 2005-09-28, 7:50 am |
| IMHO, for two sites to share the same basket, they should share the Profiles,
Marketing, Discounts, Catalog resources also. It would be simpler to
implement this as TWO applications within the same site.
IF they don't do functionally different things then you could have the same
app with dev.mystore.com & secure.mystore.com as TWO entries in the DNS and
make dev.mystore.com as the non-secure hostname while secure.mystore.com is
the secure site name (Commerce Server Manager, Site, Applications, MySTore
properties)
--
Ravi Shankar
"BeerBoy" wrote:
> I have one site with two host headers :
>
> dev.mystore.com (http) and secure.mystore.com (https)
>
> All works fine except when I swap between the sites - if I add
> something into the basket in one and then browse to the second I want
> to have the same basket - however this is not working.
>
> I assume the reason is that they are not sharing cookies.
>
> I've configure commerce server manager so non-secure hostname is
> 'dev.mystore.com' and secure hostname is 'secure.mystore.com', I have
> also ticked 'Autocookie' and enabled the authentication filter. Finally
> I've set the number of shared domain levels to be 2, but all this
> doesn't seem to work.
>
> When I use firefox and look at the cookies I can see the 'host' entry
> is either 'secure.mystore.com' or 'dev.mystore.com' depending on the
> site visited. I had somehow expected both sites to write cookies called
> just 'mystore.com' ??
>
> Has anyone got any ideas what I can try and do next in order to solve
> this.
>
> Thanks in advance,
>
> Jim
>
>
| |
| BeerBoy 2005-09-28, 6:00 pm |
| Hi Ravi,
Yes the 'two' sites are identical and infact is as you say just one
application with 2 DNS entries. I have made 'dev.mystore.com' the
non-secure name and 'secure.mystore.com' the secure name.
My point is that this doesn't seem to work.
If I browse to dev.mystore.com I will get an anonymous profile, now
suppose I add some items to my basket and then close the browser.
Now I open a new browser and browse to secure.mystore.com - alas the
basket is empty, implying I've been given a new anonymous profile.
So I browse back to dev.mystore.com and my basket is there again with
the items in it.
It appears the cookies are not being shared event though I done as you
have said and also set number of shared domain levels to 2.
Any ideas ?? I'm out of them :-(
Regards
Jim
| |
| Ravi Shankar 2005-09-28, 6:00 pm |
| I think there is some mechanism to have domain specific cookies just forget
where I read about them. If you can locate and amend the authentication
modules to support domain level cookies, that should solve your problem.
Also, do you want your site to support baskets for anonymous users ? Cleaning
up orphaned baskets is a administrative headache (more like a nightmare)
Does the site behave the same way for registered users ?
On a nitpicking note ;), if the site & functionality is same then why two
names huh ?
--
Ravi Shankar
"BeerBoy" wrote:
> Hi Ravi,
>
> Yes the 'two' sites are identical and infact is as you say just one
> application with 2 DNS entries. I have made 'dev.mystore.com' the
> non-secure name and 'secure.mystore.com' the secure name.
>
> My point is that this doesn't seem to work.
>
> If I browse to dev.mystore.com I will get an anonymous profile, now
> suppose I add some items to my basket and then close the browser.
>
> Now I open a new browser and browse to secure.mystore.com - alas the
> basket is empty, implying I've been given a new anonymous profile.
>
> So I browse back to dev.mystore.com and my basket is there again with
> the items in it.
>
> It appears the cookies are not being shared event though I done as you
> have said and also set number of shared domain levels to 2.
>
> Any ideas ?? I'm out of them :-(
>
>
> Regards
>
>
> Jim
>
>
| |
| BeerBoy 2005-09-29, 5:58 pm |
| Hi Ravi,
What does the 'number of shared domain levels' field do in Commerce
Manager - I thought this allow cookie sharing ?
The reason for the 2 names is that's what the customer wants :-)
Something to do with their routing / security policy ????
Jim
| |
| Ravi Shankar 2005-09-29, 5:58 pm |
| Hi Jim,
You're correct
(http://msdn.microsoft.com/library/d...cation_lctm.asp)
says so too but it does not mention anything about doing so between different
protocols (HTTP/HTTPS). Maybe log a call with Microsoft to get help/answer.
--
Ravi Shankar
"BeerBoy" wrote:
> Hi Ravi,
>
> What does the 'number of shared domain levels' field do in Commerce
> Manager - I thought this allow cookie sharing ?
>
> The reason for the 2 names is that's what the customer wants :-)
> Something to do with their routing / security policy ????
>
> Jim
>
>
| |
| Colin Bowern 2005-09-29, 5:58 pm |
| Jim,
You are correct in that the setting allows for sharing of cookies across
domains. See the "Enabling Cookie Sharing Across Domains" section in the
Commerce Server 2002 documentation.
Cheers,
Colin
> Hi Ravi,
>
> What does the 'number of shared domain levels' field do in Commerce
> Manager - I thought this allow cookie sharing ?
>
> The reason for the 2 names is that's what the customer wants :-)
> Something to do with their routing / security policy ????
>
> Jim
>
| |
| Ravi Shankar 2005-09-29, 5:58 pm |
| Jim,
On further digging I found the note about HTTP/HTTPS at this link
(http://msdn.microsoft.com/library/d...ncepts_pwht.asp).
This states that the domain is built from the secure/non-secure host names so
can you confirm that your secure hostname configured in Commerce Server
Manager is secure.mysite.com while the non-secure hostname should be set to
dev.mysite.com.
Then and only then it would work 
--
Ravi Shankar
"Ravi Shankar" wrote:
[vbcol=seagreen]
> Hi Jim,
>
> You're correct
> (http://msdn.microsoft.com/library/d...cation_lctm.asp)
> says so too but it does not mention anything about doing so between different
> protocols (HTTP/HTTPS). Maybe log a call with Microsoft to get help/answer.
> --
> Ravi Shankar
>
>
> "BeerBoy" wrote:
>
| |
| BeerBoy 2005-09-29, 5:58 pm |
| Hi Ravi,
Yes my secure/non-secure hostnames are set up as you suggested - but
the cookies still don't share :-(
|
|
|
|
|