Assistance is required on enabling a cookie to be used cross sub domains. Unable to set the cookie to correct value in javascript. I am not sure if Javascript is failing to set the cookie or MVC.NET is rejecting the request cookie.
Browsers not working
When setting my web.config
to use <httpCookies domain=".adomain.com" />
things start to go horribly wrong.
I have some javascript code, in conjuction with pickadate.js datepicker which changes the cookie value to the date selected by a user.
Javascript Function
// Call pickadate API to retrieve selected date
var dateString = this.get('select', 'dd/mm/yyyy');
var cd = new Date();
var exp = cd.setMinutes(cd.getMinutes() + 10)
setCookie("_date", dateString, new Date(exp), "/", ".adomain.com");
window.location.reload();
function setCookie(name, value, expires, path, theDomain, secure) {
value = escape(value);
var theCookie = name + "=" + value +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((theDomain) ? "; domain=" + theDomain : "") +
((secure) ? "; secure" : "");
document.cookie = theCookie;
}
What .NET is doing when it receives the request Once the datepicker has been changed, it will refresh to page, sending a new request with the date in the cookie. This is picked up a MVC.NET controller. However, the cookie is not changing on the clientside.
if(this.ControllerContext.HttpContext.Request.Cookies.AllKeys.Contains("_date"))
{
cookie.Value = this.ControllerContext.HttpContext.Request.Cookies[sessionDate].Value;
// Do some logic with date to retrieve products
} else {
// Set cookie.value to today's date
}
cookie.HttpOnly = false;
cookie.Path = "/";
cookie.Secure = true;
this.ControllerContext.HttpContext.Response.Cookies.Set(cookie);
The http request contains the following duplicate for _date:
_date=30/07/2015;
_date=31/07/2015;
but the date should equal 31/07/2015, but i have duplicates. The domains are different in the chrome resouce tab.
_date=30/07/2015; domain=.adomain.com << I NEED IT TO BE THIS DOMAIN SETTING _date=30/07/2015; domain=sub.adomain.com
To share cookies across subdomains, you can simply create cookies with the domain directive set to the parent domain, in this case, example.com, rather than either of the specific subdomains.
Cookies are used to remember information about your preferences and to keep track of your activities on the website. Cookies can be shared across domains, which means that a website from one domain can access the cookies from another domain.
Subdomains are Viewed as Separate SitesBy keeping your content separate from your website, you decrease the SEO value of your main website and lose many visitor benefits and ranking factors.
If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain.
While I am not a .NET expert, It is possible to explicitly specify the domain for the cookie in the Set-Cookie header. As per RFC 6265, if you specify the domain in the header as example.com
then the cookie would be also available to www.example.com
and subdomain.example.com
. Subdomains are not considered as external domains and hence it is not a security violation.
Probably adding something like this before sending the cookie in your controller should work
cookie.Domain = "adomain.com";
This is not possible because of security reasons. detailed info here
You could try using an iFrame to set the cookie like Facebook does this.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With