• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

"kind of" a cross-domain cookie problem with .NET 2 web app

StageLeft

StageLeft

No Lifer
I received guidance in another thread, but know more about this issue now. I have a .net 2.0 app on IIS trying to write cookies. It's very vanilla. The cookie writing and reading works fine in any browser. The site is located at server2.hosting.<webhost>.com with a url like server1.hosting.<webhost>.com/App.aspx

I have another server at www.johndoe.com. The server's hard address is server5.hosting.<webhost>.com, but we're using the johndoe.com domain name.

Here's the problem: On www.johndoe.com we have some pages and on one of them is an iframe pointing to server1.hosting.<webhost>.com/App.aspx. When one browses to www.johndoe.com and via the iframe navigates to the app.aspx page, cookies are completely useless in IE; they do not work in the least. In firefox they work flawlessly.

I know this is some domain issue, but I cannot seem to solve it based on any google readings or code fiddling. My guess is that a visit to app.aspx within the iframe does issue cookies to johndoe.com and internet explorer says no thank you, so then when app.aspx asks for them again, there is nothing that IE can feed back.

So I'm not trying to have app.aspx write to anything on johndoe, but it's like the browser is too stupid to realize that the iframe is a separate site and handle it separately, whereas firefox can.

And, sorry, telling users to use firefox isn't an option, I'm afraid!
 
You need a different domain name for your IFRAME site. Otherwise, you're at the mercy of users' privacy settings.

In FireFox 3.x, under Tools / Options / Privacy, disable third-party cookies. My guess is that your site won't work.

In IE, under Tools / Internet Options / Privacy, click the Advanced button, select Override and set Third-Party Cookies to Accept. My guess is that things will work in IE.

The point is that you shouldn't be relying on user's browser settings for site functionality. The only way to do that is to ensure all of your cards work with the same root domain name.
 
You are correct, MrChad, with your guess.

A problem is that johndoe.com has the iframe, but so too does janedoe.com and superduper.com; about four sites or so all point to the same iframe.

The previous iteration of this app used the same technology version as they did, asp, and was copied multiple times throughout them.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top