Re: ASP.NET and third party cookies

Oh, and in terms of docs, RFC2109 might help. It mentions the way to form
the domain when issuing the cookie.

http://www.ietf.org/rfc/rfc2109.txt

-Brock
http://staff.develop.com/ballen


> -----Original Message-----
> From: Discussion of building .NET applications targeted for
> the Web [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Brock Allen
> Sent: Wednesday, January 19, 2005 8:19 PM
> To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [DOTNET-WEB] ASP.NET and third party cookies
>
> You'd need to test this, but I believe if you set the domain
> on the cookie,
> then it will be passed to subdomains, as such:
>
> HttpCookie c = new HttpCookie("MyCookie");
> c.Value = "value";
> c.Domain = ".test.com";
> Response.Cookies.Add(c);
>
> Note the extra "." in the domain. If it's formed this way, then it's
> supposed to be sent along to the subdomain. Like I said,
> you'll have to test
> this, but I don't see why the different IP of the subdomain
> should matter.
>
> -Brock
> http://staff.develop.com/ballen
>
>
> > -----Original Message-----
> > From: Discussion of building .NET applications targeted for
> > the Web [mailto:DOTNET-WEB@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> > Brian Vallelunga
> > Sent: Wednesday, January 19, 2005 8:01 PM
> > To: DOTNET-WEB@xxxxxxxxxxxxxxxxxxx
> > Subject: [DOTNET-WEB] ASP.NET and third party cookies
> >
> > I'm working on a website that is merging with another
> > company's site. My
> > site is ASP.NET based and will be running on a separate server. We
> > aren't going to allow access to my site unless the user has
> a certain
> > cookie set by the main site. I'm a little unsure of how to
> check this.
> >
> > Their site is http://test.com/
> > My site will be http://mysite.test.com/
> >
> > Do they just need to point DNS to my server for this to work?
> > I know the
> > name of the cookie to check, but am unsure if I will be able
> > to actually
> > read it from my server. What are the specifics for this? I
> > believe there
> > is some sort of security in place for cookies, but am
> unsure of how it
> > works with third level domains. Any thoughts/documentation for doing
> > this?
> >
> > Thanks,
> > Brian
> >
> > ===================================
> > This list is hosted by DevelopMentor.  http://www.develop.com
> >
> > View archives and manage your subscription(s) at
> > http://discuss.develop.com
> >
>
> ===================================
> This list is hosted by DevelopMentor.  http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com
>

===================================
This list is hosted by DevelopMentor®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com