Sharing Cookie between different ports

Solution 1

Your domain is the same in this case, localhost, so there shouldn't be any problem.

Another thing is: the port is part of a URI, not of a domain; the domain is also part of a URI, so you are mixing apples and fruits...

Please refer to this other question on SO

The RFC clearly states

Introduction

For historical reasons, cookies contain a number of security and privacy infelicities. For example, a server can indicate that a given cookie is intended for "secure" connections, but the Secure attribute does not provide integrity in the presence of an active network attacker. Similarly, cookies for a given host are shared across all the ports on that host, even though the usual "same-origin policy" used by web browsers isolates content retrieved via different ports.

I didn't give it a try myself.

In my job, we have to share cookies across subdomains (not ports) setting a dot in front of the domain

var testCookie1 = new HttpCookie("Test", "testValue");
testCookie1.Domain = "." + mydomain;

This way x.mydomain and y.mydomain will share cookies.

So, try not to set the port in the cookies, and use the name localhost instead of the resolved IP address.

You can simulate production setting in your hosts file something like:

127.0.0.1   myawesomesubdomain.thisdomainnotexist.com.tr

and then set the cookie to that domain without the port

Solution 2

Here are two different solutions you can try:

  1. Run an Apache server and route the requests to either server
  2. Disable security (i.e., same origin policy) in the browsers.

Solution 3

In order to share cookies, your two apps should be on the same domain, like app1.myapp.com and app2.myapp.com, this way they both have access to myapp.com cookies.

You can emulate this locally, by setting:

127.0.0.1 app1.myapp.com
127.0.0.1 app2.myapp.com

in your host file located in C:\Windows\System32\drivers\etc or /etc/hosts
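The scoping rules the answers above rely on, as an added example that is not part of the original answers: a simplified model of RFC 6265 cookie storage and retrieval, showing why a `Domain` value containing a port is ignored, why cookies follow the host to every port, and how a parent-domain cookie reaches sibling subdomains. The function names are hypothetical, and the public-suffix, Path, Secure and expiry checks are omitted.

```javascript
// Added example: simplified RFC 6265 cookie scoping (hypothetical helper names).
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// RFC 6265 section 5.1.3: identical strings, or a dot-bounded suffix of a
// host name (never of an IP address).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// RFC 6265 section 5.3 (storage). requestUrl is the URL of the response that
// carried Set-Cookie. Returns the stored cookie, or null if it is ignored.
function storeCookie(requestUrl, name, value, domainAttr) {
  const host = new URL(requestUrl).hostname; // the port is not part of the host
  if (!domainAttr) return { name, value, domain: host, hostOnly: true };
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  if (!domainMatch(host, domain)) return null; // "127.0.0.1:3030" never matches a host
  return { name, value, domain, hostOnly: false };
}

// RFC 6265 section 5.4 (building the Cookie header): the target port plays no role.
function cookiesFor(targetUrl, jar) {
  const host = new URL(targetUrl).hostname.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => c.name);
}

// Constructed scenario from the question: app 1 on port 80 sets the cookies,
// app 2 listens on port 3030.
function demo() {
  const jar = [
    storeCookie("http://127.0.0.1/", "Test", "testValue", "127.0.0.1:3030"), // ignored
    storeCookie("http://127.0.0.1/", "Test2", "testValue2", "127.0.0.1"),
    storeCookie("http://app1.myapp.com/", "Shared", "v", ".myapp.com"),
    storeCookie("http://app1.myapp.com/", "Private", "v", ""), // host-only
  ].filter(Boolean);
  return {
    otherPort: cookiesFor("http://127.0.0.1:3030/SomeTask", jar), // ["Test2"]
    sibling: cookiesFor("http://app2.myapp.com:3030/", jar), // ["Shared"]
    unrelated: cookiesFor("http://notmyapp.com/", jar), // []
  };
}
console.log(demo());
```

Because the port is never consulted, every service listening on the same host receives that host's cookies, which is the isolation gap the RFC introduction quoted above points out.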

Author by

scorpion5211

Updated on June 04, 2022

Comments

  • scorpion5211
    scorpion5211 over 1 year

    I have an application1(C#) that is hosted on port:80 and application 2(nodejs) that is hosted on port:3030. Both are on localhost.

    The request workflow is as following:

    • browser sends request to application 1
    • application 1 sends back a number of cookies
    • later on browser sends the request to application 2
    • ^ problem is on the last step, the cookies don't get included in the request.

    Things I have tried/understood:

    • I understand that this is a same-origin policy restriction and because of different port # the browser treats them as different domains.
    • In Application 1 (it's using System.Web.HttpCookie) I have tried to set the domain to be port specific ("127.0.0.1:3030") but seems like the browser doesn't accept it or ignores it.

      //c# code
      var testCookie1 = new HttpCookie("Test", "testValue");
      testCookie1.Domain = "127.0.0.1:3030";
      testCookie1.Path = "/";
      testCookie1.Expires = DateTime.Now.AddDays(1);
      Response.SetCookie(testCookie1);
      
      var testCookie2 = new HttpCookie("Test2", "testValue2");
      testCookie2.Domain = "127.0.0.1";
      testCookie2.Path = "/";
      testCookie2.Expires = DateTime.Now.AddDays(1);
      Response.SetCookie(testCookie2);
      

    Cookies that come back from server Cookies that get stored in browser

    The server sends back a cookie with the port number attached to it but the browser seems like it ignores it.

    and here is my ajax call:

       var request = $.ajax({
            url: 'http://127.0.0.1:3030/SomeTask',
            type: 'POST',
            crossDomain: true,
        });
    
    • scorpion5211
      scorpion5211 over 6 years
      two servers are communicating with each other, on stage/production level this is gonna be simple to achieve since they are going to have same domain and same port (80) but I am trying to get it to work on localhost for development environment. @CodeCaster
  • CodeCaster
    CodeCaster over 6 years
    Please explain how this would work in production. Surely you don't want the visitors to edit their host file?
  • Gabriel Bleu
    Gabriel Bleu over 6 years
    In production you would have app1.myapp.com and app2.myapp.com registered in your DNS.
  • scorpion5211
    scorpion5211 over 6 years
    I followed your example, I understand the concept that the two apps need to be under same domain for cookies to get shared but I'm not seeing how two different domains pointing to the same IP would help. My app2 lives on 127.0.0.1:3030. I did try to use Fiddler to set up the HOST script to forward the app2 domain to 127.0.0.1:3030 so I ended up having 2 apps with the domains: app1.myapp.com and app2.myapp.com but seems like cookies are still not getting sent to app2.
  • Gabriel Bleu
    Gabriel Bleu over 6 years
    When you set the cookie, you should set its domain to myapp.com, this way it's shared across all subdomains. See here for details.