Cookies

M

Matthew Laping

I'm in the process of creating a web farm, however my cookie information is
not seen by both servers. I'm thinking it might be a security issue because
my web farm is not fully functional. Supposedly a cookie can only be
accessed from the same domain and I need to know to what extend. Is it truly
the domain name, is it the ip address or is it the host+domain name.

Hopefully this can better pain the picture
web1 - resolved to a true ip address; www.domanin.com
web2 - resolved to an internal ip address; www1.domain.com

Thank you,
Matthew
 
A

Anthony Jones

Matthew Laping said:
I'm in the process of creating a web farm, however my cookie information is
not seen by both servers. I'm thinking it might be a security issue because
my web farm is not fully functional. Supposedly a cookie can only be
accessed from the same domain and I need to know to what extend. Is it truly
the domain name, is it the ip address or is it the host+domain name.

Hopefully this can better pain the picture
web1 - resolved to a true ip address; www.domanin.com
web2 - resolved to an internal ip address; www1.domain.com
Click to expand...

Cookies are limited to the URL path that was set for them. The IP address
et al that finally receives a request isn't important. All that is
important is what URL the browser is requesting. Any cookies it has that
are found in any part of the URL path will be added to the request.
 
M

Matthew Laping

Anthony...thanks for the response. So just to make sure I'm reading this
correctly...the cookies should be seen if the url is www1.domain.com or
www2.domain.com or www.domain.com

Matthew
 
A

Anthony Jones

Matthew Laping said:
Anthony...thanks for the response. So just to make sure I'm reading this
correctly...the cookies should be seen if the url is www1.domain.com or
www2.domain.com or www.domain.com
Click to expand...

Nope the browser will not send a cookie it has received in response to a
request to www1.domain.com when making a request to www2.domain.com.

It is possible to set a cookie with a domain. Such as:-

With Response.Cookies("MyCookie")
.Item = "SomeValue"
.Expires = DateAdd("d", 2, Now()) 'Cookie expires in two days
.Domain = ".domain.com"
.Path = "/"
End With

That will attempt to create a cookie in the client that will be sent to all
the host names you described above regardless of which one of them is
setting it.

This has some problems. Session cookies cannot have a domain specified
hence the expiry needs to be set. However this means that the cookie may
well survive a browser restart or even a machine reboot which may not be
desirable. Also its common for people to have cookie handling set to
disallow persistent cookies.

Having said all that I don't think this is really a problem for you. Your
client machines should all perceive the web site as www.domain.com. Whether
www1 or www2 is actually handling a request is transparent to the browser,
if a Set-Cookie is received it will be seen as coming from www.domain.com .
Any subsequent request will be include the cookie.

Have you disabled Sessions in the web site? If not you will need Session
affiliation so once a client has started a session all requests for that
session will go to the same server anyway.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

cookies 101 3
ASP Cookies 2
Cookies? 5
Cookies 0
Is order matter in Cookies? 2
How to keep cookies when making http requests (Python 2.7) 8
Do domains override cookies? Why? 7
Setting Cookies 2

Members online

Total: 41 (members: 1, guests: 40)
Robots: 350

Forum statistics

Threads
473,995
Messages
2,570,236
Members
46,822
Latest member
israfaceZa

Latest Threads

Top