Cookies

**Anthony Jones** · Mar 7 '07, 10:45 PM

Re: Cookies

"Matthew Laping" <mlaping@alumni research.comwro te in message
news:OSxc9FPYHH A.2552@TK2MSFTN GP06.phx.gbl...

I'm in the process of creating a web farm, however my cookie information

is

not seen by both servers. I'm thinking it might be a security issue

because

my web farm is not fully functional. Supposedly a cookie can only be
accessed from the same domain and I need to know to what extend. Is it

truly

the domain name, is it the ip address or is it the host+domain name.
>
Hopefully this can better pain the picture
web1 - resolved to a true ip address; www.domanin.com
web2 - resolved to an internal ip address; www1.domain.com
>

Cookies are limited to the URL path that was set for them. The IP address
et al that finally receives a request isn't important. All that is
important is what URL the browser is requesting. Any cookies it has that
are found in any part of the URL path will be added to the request.

Thank you,
Matthew
>
>

**Matthew Laping** · Mar 8 '07, 04:15 PM

Re: Cookies

Anthony...thank s for the response. So just to make sure I'm reading this
correctly...the cookies should be seen if the url is www1.domain.com or
www2.domain.com or www.domain.com

Matthew

"Anthony Jones" <Ant@yadayadaya da.comwrote in message
news:Od50dgQYHH A.3996@TK2MSFTN GP02.phx.gbl...

>
"Matthew Laping" <mlaping@alumni research.comwro te in message
news:OSxc9FPYHH A.2552@TK2MSFTN GP06.phx.gbl...

>I'm in the process of creating a web farm, however my cookie information

is

>not seen by both servers. I'm thinking it might be a security issue

because

>my web farm is not fully functional. Supposedly a cookie can only be
>accessed from the same domain and I need to know to what extend. Is it

truly

>the domain name, is it the ip address or is it the host+domain name.
>>
>Hopefully this can better pain the picture
>web1 - resolved to a true ip address; www.domanin.com
>web2 - resolved to an internal ip address; www1.domain.com
>>

>
Cookies are limited to the URL path that was set for them. The IP address
et al that finally receives a request isn't important. All that is
important is what URL the browser is requesting. Any cookies it has that
are found in any part of the URL path will be added to the request.
>
>
>

>Thank you,
>Matthew
>>
>>

>
>

**Anthony Jones** · Mar 8 '07, 05:05 PM

Re: Cookies

"Matthew Laping" <mlaping@alumni research.comwro te in message
news:u7Mg9tZYHH A.4368@TK2MSFTN GP06.phx.gbl...

Anthony...thank s for the response. So just to make sure I'm reading this
correctly...the cookies should be seen if the url is www1.domain.com or
www2.domain.com or www.domain.com
>

Nope the browser will not send a cookie it has received in response to a
request to www1.domain.com when making a request to www2.domain.com .

It is possible to set a cookie with a domain. Such as:-

With Response.Cookie s("MyCookie")
.Item = "SomeValue"
.Expires = DateAdd("d", 2, Now()) 'Cookie expires in two days
.Domain = ".domain.co m"
.Path = "/"
End With

That will attempt to create a cookie in the client that will be sent to all
the host names you described above regardless of which one of them is
setting it.

This has some problems. Session cookies cannot have a domain specified
hence the expiry needs to be set. However this means that the cookie may
well survive a browser restart or even a machine reboot which may not be
desirable. Also its common for people to have cookie handling set to
disallow persistent cookies.

Having said all that I don't think this is really a problem for you. Your
client machines should all perceive the web site as www.domain.com. Whether
www1 or www2 is actually handling a request is transparent to the browser,
if a Set-Cookie is received it will be seen as coming from www.domain.com .
Any subsequent request will be include the cookie.

Have you disabled Sessions in the web site? If not you will need Session
affiliation so once a client has started a session all requests for that
session will go to the same server anyway.

Matthew
>
>
"Anthony Jones" <Ant@yadayadaya da.comwrote in message
news:Od50dgQYHH A.3996@TK2MSFTN GP02.phx.gbl...

"Matthew Laping" <mlaping@alumni research.comwro te in message
news:OSxc9FPYHH A.2552@TK2MSFTN GP06.phx.gbl...

I'm in the process of creating a web farm, however my cookie

information

is

not seen by both servers. I'm thinking it might be a security issue

because

my web farm is not fully functional. Supposedly a cookie can only be
accessed from the same domain and I need to know to what extend. Is it

truly

the domain name, is it the ip address or is it the host+domain name.
>
Hopefully this can better pain the picture
web1 - resolved to a true ip address; www.domanin.com
web2 - resolved to an internal ip address; www1.domain.com
>

Cookies are limited to the URL path that was set for them. The IP

address

et al that finally receives a request isn't important. All that is
important is what URL the browser is requesting. Any cookies it has

that

are found in any part of the URL path will be added to the request.

Thank you,
Matthew
>
>

>
>

Cookies

Cookies

Comment

Comment

Comment