I have application 1 (C#) hosted on port 80 and application 2 (Node.js) hosted on port 3030. Both are on localhost.
The request workflow is as follows:
Things I have tried/understood:
In application 1 (it's using System.Web.HttpCookie) I have tried to set the domain to be port specific ("127.0.0.1:3030"), but it seems like the browser doesn't accept it or ignores it.
//c# code
var testCookie1 = new HttpCookie("Test", "testValue");
testCookie1.Domain = "127.0.0.1:3030";
testCookie1.Path = "/";
testCookie1.Expires = DateTime.Now.AddDays(1);
Response.SetCookie(testCookie1);
var testCookie2 = new HttpCookie("Test2", "testValue2");
testCookie2.Domain = "127.0.0.1";
testCookie2.Path = "/";
testCookie2.Expires = DateTime.Now.AddDays(1);
Response.SetCookie(testCookie2);
The server sends back a cookie with the port number attached to it, but the browser seems to ignore it.
And here are my AJAX calls:
var request = $.ajax({
    url: 'http://127.0.0.1:3030/SomeTask',
    type: 'POST',
    crossDomain: true,
});
The browser will make a cookie available to the given domain including any sub-domains, no matter which protocol (HTTP/HTTPS) or port is used. When you set a cookie, you can limit its availability using the Domain, Path, Secure, and HttpOnly flags.
Cookies that are stored and accessed under a specific domain cannot be accessed from a page hosted on another domain. Therefore, the cookie data has to be passed along when leaving one domain and going to the other one.
Cross-site cooking is a type of browser exploit which allows a site attacker to set a cookie for a browser into the cookie domain of another site server.
Cookies are not shared among different browsers: one browser cannot read a cookie stored by another browser, even if it is for the same domain. As per the HTTP protocol, the size of a cookie cannot be greater than 4KB. The number of cookies sent by a web server for a given domain cannot be unlimited.
Your domain is the same, in this case localhost, so there shouldn't be any problem.
Another thing is: the port is part of a URI, not of a domain, and the domain is also part of a URI, so you are mixing apples and fruits...
Please refer to this other question on SO.
The RFC clearly states:
Introduction
For historical reasons, cookies contain a number of security and privacy infelicities. For example, a server can indicate that a given cookie is intended for "secure" connections, but the Secure attribute does not provide integrity in the presence of an active network attacker. Similarly, cookies for a given host are shared across all the ports on that host, even though the usual "same-origin policy" used by web browsers isolates content retrieved via different ports.
I didn't give it a try myself.
In my job, we have to share cookies across subdomains (not ports) by setting a dot in front of the domain:
var testCookie1 = new HttpCookie("Test", "testValue");
testCookie1.Domain = "." + mydomain;
This way x.mydomain and y.mydomain will share cookies.
So, try not to set the port in the cookies, and use the name localhost instead of the resolved IP address.
You can simulate a production setting in your hosts file with something like:
127.0.0.1 myawesomesubdomain.thisdomainnotexist.com.tr
and then set the cookie to that domain without the port
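The behaviour discussed above can be checked against the cookie rules in RFC 6265. The following is an added example, not code from the question or the answer: a simplified model of the RFC's domain handling only (no Path, Secure, expiry or public-suffix checks), run over constructed inputs that mirror the question. The function names and the host names under mydomain.test are placeholders chosen for illustration.

```javascript
// Added example: simplified RFC 6265 domain handling (sections 5.1.3, 5.2.3, 5.3).
// Path, Secure, expiry and public-suffix checks are deliberately left out.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// RFC 6265 5.1.3: identical strings, or a dot-separated suffix of a non-IP host name.
function domainMatches(host, domain) {
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// Decide what the user agent stores for a Set-Cookie received from requestUrl.
// Returns null when the cookie must be ignored entirely.
function storeCookie(requestUrl, name, domainAttr) {
  const host = new URL(requestUrl).hostname.toLowerCase(); // the port is not part of the host
  if (!domainAttr) return { name, domain: host, hostOnly: true };
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // a leading dot is dropped
  if (!domainMatches(host, domain)) return null; // e.g. a Domain value carrying a port
  return { name, domain, hostOnly: false };
}

// Would the stored cookie pass the domain check for a request to targetUrl?
function wouldSend(cookie, targetUrl) {
  const host = new URL(targetUrl).hostname.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

// Constructed inputs mirroring the question and the subdomain case in the answer.
function demo() {
  const app1 = "http://127.0.0.1:80/";
  const app2 = "http://127.0.0.1:3030/SomeTask";
  const withPort = storeCookie(app1, "Test", "127.0.0.1:3030");
  const plain = storeCookie(app1, "Test2", "127.0.0.1");
  const sub = storeCookie("http://x.mydomain.test/", "Test", ".mydomain.test");
  return {
    withPortStored: withPort !== null,
    plainSentToApp2: wouldSend(plain, app2),
    subSentToSibling: wouldSend(sub, "http://y.mydomain.test:3030/"),
  };
}
console.log(demo());
```

The cookie whose Domain carries a port is dropped at storage time, while the one scoped to the bare host passes the domain check for every port on that host.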
Here are two different solutions you can try: