Do domains override cookies? Why?

[Guest]

I think I may have a problem with the user of cookies in my centralized
logon and registration system that I hoped could be consumed by all the
sub-domains on my remote host IP.

I built the application in the root of the IP and redirect the user back to
his requested page after his Login. Just before this I set a permanent
cookie.

But, it appears when the user gets back to the page its GONE.

However, if I go to the same address via IP and correct folder path IT is.

How can this be...I thought a cookie was written to the browser...what
difference does the domain make....can I salvage this application without
having to deploy it in mutliple sub-domains?

Appreciate any help here.
Jason

 

[Guest]

Ok...I just figured this out in my head...if this was not so, I could read
cookies set by eg: Amazon...this makes sense.

But, surely since I control the domains and sub-webs on my remote web host
IP I should be able to somehow work around this.....

I cannot believe one has to deploy duplcate registration/login systems to
seperate folders on the same IP even if they have different domains?

There must be a way for me to overcome this?

Appreciate some help here.

Thanks
Jason

 

[Bob Barrows [MVP]]

Ok...I just figured this out in my head...if this was not so, I could
read cookies set by eg: Amazon...this makes sense.

But, surely since I control the domains and sub-webs on my remote web
host IP I should be able to somehow work around this.....

I cannot believe one has to deploy duplcate registration/login
systems to seperate folders on the same IP even if they have
different domains?

There must be a way for me to overcome this?

Use a database instead of cookies.

Bob Barrows

 

[Guest]

My system is built on top of a database. If the user does not have cookies
he has to login each time to see the desiired page...problem getting the
cookies across domains.

I did consider this idea:
http://www.asp101.com/articles/chris/transfercookies/default.asp
...but seems messy.

I also realise Aaron has a different approach with his js shopping
cart...but unclear how to adapt my code to fit either of the above models.

- Jason

 

[Guest]

Bob, as I understand it the Database ID approach (instead of cookies or
sessions) involves generating a unique id for a user when he enters the site
or my 'secure page' for the first time...I understand this. But this is what
I don't get:

1. Even If I generate a random ID for the user, how will I know or
'Remember' who is he is the next time he enters the site...as soon he leaves
that resident
ID in the database user table cannot be assigned back to him on his return
as I have no idea who is he is.

I understand that is great for tracking Anon users around the site but even
if force him to register or re-login in a certain point I still don't see
how I can 'remember' who is without using cookies.

Thanks
Jason

 

[Guest]

Ok, I took a look at the cart example off aspfaq. I entered the site three
time in 5 minutes and was assigned a unique id:

(7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
(8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
(9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM

This means I one person could end up having hundreds of unique ides and this
is PRIOR to getting him to login or register for the first time.

Does this not create huge database performance overheads - even in sql
server.....

As my sites are built informational pages that require registration or
re-logging in I am struggling to work out how to use this system.

Would I have to assign a 'Master ID' once he registers which all the
previous anon ids are linked to.......

Thanks
Jason

 

[Roland Hall]

: Ok, I took a look at the cart example off aspfaq. I entered the site three
: time in 5 minutes and was assigned a unique id:
:
: (7) 127.0.0.18/21/2004 2:42:57 PM8/21/2004 2:43:03 PM
: (8) 127.0.0.18/21/2004 2:48:05 PM8/21/2004 2:48:05 PM
: (9)127.0.0.18/21/2004 2:48:06 PM8/21/2004 2:51:23 PM
:
: This means I one person could end up having hundreds of unique ides and
this
: is PRIOR to getting him to login or register for the first time.
:
: Does this not create huge database performance overheads - even in sql
: server.....
:
: As my sites are built informational pages that require registration or
: re-logging in I am struggling to work out how to use this system.
:
: Would I have to assign a 'Master ID' once he registers which all the
: previous anon ids are linked to.......

Jason...

A cookie is stored on a client. You are gambling that the user will never
delete the cookie. If they do, they have to get a new cookie so what is the
difference with using a GUID vs a cookie? The GUID is stored in the
database so you know who the user is each time, however, they will have to
logon or you could also use a cookie and log them in if it's set, if not,
offer them to either logon with their username/password if a repeat visitor
or allow them to create an account if they're new.

Users are used to logging in. If you rely on a client-side solution, you
have no control over it's longevity. If you use GUIDs, you have control but
the users have to logon, IF their cookie is not set, considering you use
both. The only other option is don't track them.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[Guest]

Hi Roland....actually my current system degrades gracefully depending on
whether:

1. Cookies disabled
2. Cookies deleted

If either of these conditions is true I FORCE the user to login each and
every time he comes through a secure page.

I have also made sure there is an additionaly database check for the expiry
date which overrides the cookie expiry date if need be.

I now understand that the GUID approach does not allow 'REMEMBERENCE' that
cookies can allow. This is what is was throwing me.

When I was looking at Aaron's example I thought perhaps there was some
rememberence in there but now I realise it only lasts for the
duration of the user session and it is up to me to still add in login
security with NO rememberence.

I am now trying to work out a way to allow my centralized IP lognn system to
be consumed by children domains on the IP.

I realise that cookies do not work across domains but I have found two
possible solutions:

1. Javascript include:
http://www.pathlore.com/customer/support/tech_tip_may2003.asp

2. Image download method:

http://www.eggheadcafe.com/ng/microsoft.public.inetserver.asp.components
/post196513.asp

3. Redirect method:

http://www.asp101.com/articles/chris/transfercookies/default.asp

- Jason




My biggest problem now is finding a way