Cookies

I'm in the process of creating a web farm, however my cookie information is
not seen by both servers. I'm thinking it might be a security issue because
my web farm is not fully functional. Supposedly a cookie can only be
accessed from the same domain and I need to know to what extend. Is it truly
the domain name, is it the ip address or is it the host+domain name.

Hopefully this can better pain the picture
web1 - resolved to a true ip address; www.domanin.com
web2 - resolved to an internal ip address; www1.domain.com

Thank you,
Matthew

Re: Cookies

"Matthew Laping" wrote in message
news:OSxc9FPYHHA.2552@TK2MSFTNGP06.phx.gbl...
> I'm in the process of creating a web farm, however my cookie information
is
> not seen by both servers. I'm thinking it might be a security issue
because
> my web farm is not fully functional. Supposedly a cookie can only be
> accessed from the same domain and I need to know to what extend. Is it
truly
> the domain name, is it the ip address or is it the host+domain name.
>
> Hopefully this can better pain the picture
> web1 - resolved to a true ip address; www.domanin.com
> web2 - resolved to an internal ip address; www1.domain.com
>

Cookies are limited to the URL path that was set for them. The IP address
et al that finally receives a request isn't important. All that is
important is what URL the browser is requesting. Any cookies it has that
are found in any part of the URL path will be added to the request.



> Thank you,
> Matthew
>
>

Re: Cookies

Anthony...thanks for the response. So just to make sure I'm reading this
correctly...the cookies should be seen if the url is www1.domain.com or
www2.domain.com or www.domain.com

Matthew


"Anthony Jones" wrote in message
news:Od50dgQYHHA.3996@TK2MSFTNGP02.phx.gbl...
>
> "Matthew Laping" wrote in message
> news:OSxc9FPYHHA.2552@TK2MSFTNGP06.phx.gbl...
>> I'm in the process of creating a web farm, however my cookie information
> is
>> not seen by both servers. I'm thinking it might be a security issue
> because
>> my web farm is not fully functional. Supposedly a cookie can only be
>> accessed from the same domain and I need to know to what extend. Is it
> truly
>> the domain name, is it the ip address or is it the host+domain name.
>>
>> Hopefully this can better pain the picture
>> web1 - resolved to a true ip address; www.domanin.com
>> web2 - resolved to an internal ip address; www1.domain.com
>>
>
> Cookies are limited to the URL path that was set for them. The IP address
> et al that finally receives a request isn't important. All that is
> important is what URL the browser is requesting. Any cookies it has that
> are found in any part of the URL path will be added to the request.
>
>
>
>> Thank you,
>> Matthew
>>
>>
>
>

Re: Cookies

"Matthew Laping" wrote in message
news:u7Mg9tZYHHA.4368@TK2MSFTNGP06.phx.gbl...
> Anthony...thanks for the response. So just to make sure I'm reading this
> correctly...the cookies should be seen if the url is www1.domain.com or
> www2.domain.com or www.domain.com
>

Nope the browser will not send a cookie it has received in response to a
request to www1.domain.com when making a request to www2.domain.com.

It is possible to set a cookie with a domain. Such as:-

With Response.Cookies("MyCookie")
.Item = "SomeValue"
.Expires = DateAdd("d", 2, Now()) 'Cookie expires in two days
.Domain = ".domain.com"
.Path = "/"
End With

That will attempt to create a cookie in the client that will be sent to all
the host names you described above regardless of which one of them is
setting it.

This has some problems. Session cookies cannot have a domain specified
hence the expiry needs to be set. However this means that the cookie may
well survive a browser restart or even a machine reboot which may not be
desirable. Also its common for people to have cookie handling set to
disallow persistent cookies.

Having said all that I don't think this is really a problem for you. Your
client machines should all perceive the web site as www.domain.com. Whether
www1 or www2 is actually handling a request is transparent to the browser,
if a Set-Cookie is received it will be seen as coming from www.domain.com .
Any subsequent request will be include the cookie.

Have you disabled Sessions in the web site? If not you will need Session
affiliation so once a client has started a session all requests for that
session will go to the same server anyway.


> Matthew
>
>
> "Anthony Jones" wrote in message
> news:Od50dgQYHHA.3996@TK2MSFTNGP02.phx.gbl...
> >
> > "Matthew Laping" wrote in message
> > news:OSxc9FPYHHA.2552@TK2MSFTNGP06.phx.gbl...
> >> I'm in the process of creating a web farm, however my cookie
information
> > is
> >> not seen by both servers. I'm thinking it might be a security issue
> > because
> >> my web farm is not fully functional. Supposedly a cookie can only be
> >> accessed from the same domain and I need to know to what extend. Is it
> > truly
> >> the domain name, is it the ip address or is it the host+domain name.
> >>
> >> Hopefully this can better pain the picture
> >> web1 - resolved to a true ip address; www.domanin.com
> >> web2 - resolved to an internal ip address; www1.domain.com
> >>
> >
> > Cookies are limited to the URL path that was set for them. The IP
address
> > et al that finally receives a request isn't important. All that is
> > important is what URL the browser is requesting. Any cookies it has
that
> > are found in any part of the URL path will be added to the request.
> >
> >
> >
> >> Thank you,
> >> Matthew
> >>
> >>
> >
> >
>
>