Frameset missing cookies

Frameset missing cookies

am 28.01.2008 14:21:21 von Sanjib Biswas

Hi,



I have an ASP.Net application that runs in the localhost (site-A).
With-in the .cs file I am accessing another site (site-B) that returns me
cookies. I am also able to do a Post on that site and its working. But when
I set the returned cookies from site-B in the response header, the cookies
are not visible in site-A. How do I get around to this problem?



I have noticed that if both site-A & site-B are on the same host then site-A
is able to see the cookies set by site-B.



Pseudo code

=========

site-A (GET)

site-B (GET)

Cookies set

site-B (POST)

set cookies in the response header

write the data (received from POST request - contains frameset)



Response.AddHeader("P3P", "CP=\"CAO PSA OUR\"");
Response.Cookies["system"].Value = "prod";
....
// write the page to the browser
Response.Write(result);

Sniffing HTTP packets reveals that, response header request of site-A has
the P3P policy header and the cookies. But site-A is unable to set the
cookies in subsequent calls to retrieve the content from the frames.

Thanks
Sanjib

Re: Frameset missing cookies

am 28.01.2008 19:57:40 von DFS

thats correct, browser security requires that cookies are only shared
between site with the same domain (or sub domain) specfied when the
cookie is created. there must at least one dot in the subdomain.

-- bruce (sqlwork.com)

Sanjib Biswas wrote:
> Hi,
>
>
>
> I have an ASP.Net application that runs in the localhost (site-A).
> With-in the .cs file I am accessing another site (site-B) that returns me
> cookies. I am also able to do a Post on that site and its working. But when
> I set the returned cookies from site-B in the response header, the cookies
> are not visible in site-A. How do I get around to this problem?
>
>
>
> I have noticed that if both site-A & site-B are on the same host then site-A
> is able to see the cookies set by site-B.
>
>
>
> Pseudo code
>
> =========
>
> site-A (GET)
>
> site-B (GET)
>
> Cookies set
>
> site-B (POST)
>
> set cookies in the response header
>
> write the data (received from POST request - contains frameset)
>
>
>
> Response.AddHeader("P3P", "CP=\"CAO PSA OUR\"");
> Response.Cookies["system"].Value = "prod";
> ...
> // write the page to the browser
> Response.Write(result);
>
> Sniffing HTTP packets reveals that, response header request of site-A has
> the P3P policy header and the cookies. But site-A is unable to set the
> cookies in subsequent calls to retrieve the content from the frames.
>
> Thanks
> Sanjib
>
>