Setting cookies across domains

Similar Messages

• Sessions / Cookies across domains.

  Hi all,
  I'm implementing an affiliate scheme on one of my websites so that when someone access: www.mydomain.com/index.jsp?aff_id=123 the JSP stores a cookie with the affiliate id in it (this is the affiliate that referred the person to my site). This bit works fine.
  My problem comes when the user goes to order a license and they are redirected to my secure server. So when I try and access the cookie to try and get any affiliate info i can't access it.
  I know I could embed the affiliate id in the link, but I don't really want to do this if it can be avoided...
  Any ideas of a work-around?

  You could also pass the id as a hidden field in a form.
  Have the link call a JavaScript function. The JavaScript funcition could access the cookie and pull out the id. The function would then set a hidden field in a form to the id value and then Post the form to the secure server.
  The form would only have hidden fields so it could be tagged on the end of the HTML page and the user would never know it was there.

• Not able to set cookie domain ???

  Hi All,
  I am not able to set cookie domain in my webapp(WebApp.mydomain.com).
  My sample code is given below, my webapp name is WebApp.mydomain.com, this has got two jsp pages, one for creating cookie and other one is for reading the cookie.
  CreateCookie.jsp
      Cookie cookie = new Cookie("id","123");
            cookie.setDomain(".mydomain.com");
            cookie.setPath("/");
            response.addCookie(cookie);ReadCookie.jsp
  Cookie[]cks = request.getCookies();
            for(int i=0;i<cks.length;i++){
         out.print("cookie found.............................   "+cks.getValue());
  Issues:
  1. I am not able to read the cookie, if i set the domain as cookie.setDomain(".mydomain.com"); at cookie. I verified it by commenting the domain setting line.
  2. The reason for setting the domain is, I have another web application "WebApp1.mydomain.com" which is supposed to read this cookie which is created in "WebApp.mydomain.com" application.
  3. Is it possible to access the cookie across the applications as the cookie domain and path are been set. (i.e) From WebApp.mydomain.com to WebApp1.mydomain.com?Please share your inputs :(
  Thanks,
  Sundar

  Hi All,
  Any comment/solutions on this???
  Regards,
  Sundar

• How to deal with the "Set-Cookie" field in HTTP header??

  I follow the RFC-2616 specification to write a socket program to fetch web pages.
  I have to deal with all the fields included in the HTTP header.
  But the RFC-2616 doesn't talk anything about the "Set-Cookie" field.
  Does anyone know how to handle this field or provide me any useful documentation.
  Any help is appreciated.

  A cookie is set with the "Set-Cookie: "-field in the http header, like this:
  Set-Cookie: mycookie=someValue
  This cookie should only be returned to the same host as it came from, like this in the http header of a request:
  Cookie: mycookie=someValue
  If the parameter looks like this:
  Set-Cookie: mycookie=someValue; path=/cgi-bin
  , the cookie should only be returned to the host if the request path starts with /cgi-bin
  If the parameter looks liek this:
  Set-Cookie: mycookie=someValue; domain=.mydomain.com
  , the cooke should be returned to all hosts in the .mydomain.com-domain
  There is also a "expires="-field, which works as expected and a "secure"-field, which I'm not sure how to handle. Maybe the cookie should only be sent to an SSL-enabled host?
  Hope this helps you. Bye,
  Dag W.

• Content Repository sharing across domains

  Hello,
  Is it possible to share a bea content repository across domains?
  Thanks,
  -- Anant

  Ok,
  But besides caching, would there be any other issues, like entitlements and delegated admin?
  If the content cache timeout were to be set to say 20 minutes, then at the most the content would be 20 minutes out of date. So then could you set up a repository in multiple domains, with one domain having the entitlements and delegated admin setup for publishing content and the other domains being read only?
  Thanks,
  -- Anant

• Set cookie in webservice request

  Hi,
  Is there a way to set a cookie in a webservice request or include the HttpCookie in the service call ? Basically I am using Axis on client side to call a .NET webservice on a remote server and need to pass user data to the service in a cookie.
  Thanks
  NK

  Hi Santhiyaraman,
  Webview control is in windows phone 8.1 runtime app, in windows phone 8 is webbrowser control.
  Webbrowser control does not provide some properties or methods to add custom cookie, but we can do this using the javascript. Code snippet looks like the following.
  private void setCookie(string name, string value, string path = "", string domain = "", bool isSecure=false, string expires = "")
  var sb = new StringBuilder();
  sb.AppendFormat("document.cookie = '{0}=\" + escape(\"{1}\")", name, value);
  if (!String.IsNullOrEmpty(expires))
  sb.AppendFormat(";expires=\"{0}\"", expires); // should be a GMTString
  if (!String.IsNullOrEmpty(path))
  sb.AppendFormat(";path=\"{0}\"", path);
  if (!String.IsNullOrEmpty(domain))
  sb.AppendFormat(";domain=\"{0}\"", domain);
  if (isSecure)
  sb.Append(";secure'");
  var cookieJs = sb.ToString();
  Debug.WriteLine(cookieJs);
  webBrowser.InvokeScript(cookieJs);
  You can find more information about it from
  http://stackoverflow.com/questions/13287409/windows-phone-webbrowser-set-cookies.
  Please try and let me know the result.
  Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• How do I enable "Access data sources across domains" in firefox?

  Couple of links do not work on my firefox however they work fine on IE. This is because the "Access data sources across domains" is enabled in IE and i am not sure on how to make this setting enable on Firefox as well.
  Please provide the steps to enable "Access data sources across domains" setting in Firefox.
  Please help!

  This should add the permanent exception:
  [https://support.mozilla.org/en-US/kb/connection-untrusted-error-message#w_bypassing-the-warning Connection Untrusted Error Message: Bypassing the Warning]
  However if it is not staying until the next time that the user opens up Firefox, is it possible that they are in permanent private browsing? [[Private Browsing - Browse the web without saving information about the sites you visit]] - that should have instructions to get in and out of it.

• Block Cookies at Domain Level

  In early Firefox I would set cookie rules at the domain level using the wildcard - for example - *.tubmogul.com would be accepted, blocked, or allowed for session.
  In current 3.x and 4.x implementations this does not appear to be possible and I feel like I am spending a good portion of the day blocking the various "n.domain.com" where "n" varies by site and within a site.
  Ideas?

  Don't use a wildcard with *. Only specify the domain, that includes all sub domains: tubmogul.com

• Setting cookies for safari using java

  Dear all
  I am new to cookie programming. Is there some way so that I can set cookies in Safari on Mac.
  I need to set the user's login information in cookie for a particular site then i need to launch that particular website.
  The code samples will better help. Pls help me as i am in urgent need.
  Regards
  Shobhit Jain

  Can you explain what this will do? Is this a type of
  wildcard for all domains?The answer to my question is that you can't do it, and for good reason. There is a security restriction against creating/accessing cookies from unrelated domains (and ".com" won't cut it). So I just did a complete proxy solution and translated all requests and maintained the cookies for the browser.
  I am not sure what setDomain("/") would do - I am pretty sure that is just invalid (but it is a valid path, however).

• Set-cookie cache

  Hi All,
  If we develop the set-cookie using NSAPI on Proxy Server 4.0.2, the proxy server cache the following information.
  Request Headers
  content-length     =     165
  content-type     =     text/html
  status     =     200 OK
  Set-cookie     =     CTSESSION=AAewewedwewewew; domain=.cc.company.net; path=/
  server     =     Sun-ONE-Web-Server/6.1
  date     =     Tue, 24 Jan 2006 11:45:57 GMT
  last-modified     =     Wed, 18 Jan 2006 04:27:28 GMT
  etag     =     "a5-43cdc3b0"
  accept-ranges     =     bytes
  via     =     1.1 proxy-proxy402
  proxy-agent     =     Sun-Java-System-Web-Proxy-Server/4.0.2
  How to avoid this "Set-cookie" on cache of Proxy Server?
  regards;
  Tash

  Cannot reproduce this issue. Tried the following with 4.0.2 proxy server:
  1. Origin server sends the following response with "Set-cookie" header,
  HTTP/1.1 200 OK
  Content-length: 34
  Content-type: text/html
  Server: Sun-ONE-Web-Server/6.1
  Date: Fri, 27 Jan 2006 06:34:49 GMT
  Set-cookie: "CTSESSION=AAewewedwewewew; domain=.cc.company.net; path=/"
  Last-modified: Fri, 27 Jan 2006 06:33:33 GMT
  Etag: "22-43d9bebd"
  Accept-ranges: bytes
  Via: 1.1 S1PS
  Via: 1.1 proxy-server1
  Proxy-agent: Sun-Java-System-Web-Proxy-Server/4.0.3
  iPlanet File.
  iPlanet web server.
  2. Proxy server caches the document but without the "set-cookie" header. Following is the contents of the cached file:
  11556FFE46101FC41D     1     1138323813     0     1138323889     34
  text/html     http://dummy.com:8080/myfile8.html0014content-length0002340012content-type0009text/html0006status0006200 OK0006server0022Sun-ONE-Web-Server/6.10004date0029Fri, 27 Jan 2006 06:34:49 GMT0013last-modified0029Fri, 27 Jan 2006 06:33:33 GMT0004etag0013"22-43d9bebd"0013accept-ranges0005bytes0003via00081.1 S1PS0003via00171.1 proxy-server10011proxy-agent0038Sun-Java-System-Web-Proxy-Server/4.0.3^M
  iPlanet File.
  iPlanet web server.

• IE not set cookie for downloaded js file.Why?

  I'm trying to  download a js file from a different domain  like main page  is from  www.abc.com but js file is from www.def.com. www.def.com sets a cookie . All major browsers get the cookie and sends it in the other requests to www.def.com.But
  IE sends this cookie to www.abc.com. Cookie has also domain field set www.def.com. Any possible solution?

  How, specifically, is the cookie set?
  When you use document.cookie to set a cookie, ALL BROWSERS set the cookie in the domain in which the script runs (e.g. the page that includes it). NO BROWSERS set the cookie in the domain from which the script downloaded.
  When you use a SET-COOKIE response header to set a cookie, MOST browsers set the cookie in the domain from which the download occurs. Internet Explorer will IGNORE that cookie (not setting it anywhere) unless a P3P statement is supplied. See
  http://blogs.msdn.com/b/ieinternals/archive/2013/09/17/simple-introduction-to-p3p-cookie-blocking-frame.aspx

• Whats happening to my set-cookie header?

  I'm writing a desktop client for a Django app running on an https domain.
  I'm attempting to retrieve cookies set by the django site when I call the site using URLRequest as follows:
  var urlVariables = new air.URLVariables();
  urlVariables.foo = "bar"
  var request = new air.URLRequest("https://www.example.com/api/foo/");
  request.data = urlVariables;
  request.method = air.URLRequestMethod.POST;
  var loader = new air.URLLoader();
  loader.addEventListener(air.HTTPStatusEvent.HTTP_RESPONSE_STATUS, httpStatusHandler);
  loader.addEventListener(air.Event.COMPLETE, completeHandler);
  loader.addEventListener(air.IOErrorEvent.IO_ERROR, ioErrorHandler);
  loader.load(request);
  However if I loop over the headers returned by the site like so...
  function httpStatusHandler(event){
      for(var i=0; i<event.responseHeaders.length; i++){
         air.trace(event.responseHeaders[i].name);
  ...I discover that that the Set-Cookies header is conspicuously absent.
  Is this a deliberate security restriction for calls to HTTPS sites? I'm completely baffled.
  Any help appreciated.

  Go into the System Preferences and click on Users & Groups. Try creating a new user account and then log into it to see if you have the same issues. Since your hard drive appears to be fine with plenty of space on it, and you have no major permission's issues, creating a new user for test purposes will help confirm whether you are dealing with some sort of software issue. Did you recently install some new software?
  If a new user account resolves the issue then open the Activity Monitor application located in the Applications/Utiliteis folders and click on the CPU button. In the lower left corner you should see a summary listing the % User, % System, % Idle. What are these percentages? If the CPU idle percentage is near zero then you have a process running that is consuming your SPU time. To try and find it pull down the menu to select 'All Processes', then click on the %CPU column to sort by the percent that each process is consuming your CPU.   The numbers constantly change, but do your best to see if there are one or two processes consuming the majority of the CPU time and post the names. Then do the same test in the new user account. I suspect you may have some process from a previously installed utility, virus checker, etc. that is keeping your system busy. I've included a screenshot from my system below. It doesn't have much going on, and as you can see in the lower left corner the CPU is basically idle most of the time. If I were to launch a CPU intensive app the numbers would change dramatically.

• Set cookie in Webview in Windows Phone 8.0

  The app we created runs as a webview control after initial login process. We have to send a cookie(secure httponly ) to server as part of request after first time login for consequent logins.
  There is no solution provided to set cookie in web view. Can anybody share a sample to set cookie in webview control in Windows phone 8.0 (Silverlight app)?

  Hi Santhiyaraman,
  Webview control is in windows phone 8.1 runtime app, in windows phone 8 is webbrowser control.
  Webbrowser control does not provide some properties or methods to add custom cookie, but we can do this using the javascript. Code snippet looks like the following.
  private void setCookie(string name, string value, string path = "", string domain = "", bool isSecure=false, string expires = "")
  var sb = new StringBuilder();
  sb.AppendFormat("document.cookie = '{0}=\" + escape(\"{1}\")", name, value);
  if (!String.IsNullOrEmpty(expires))
  sb.AppendFormat(";expires=\"{0}\"", expires); // should be a GMTString
  if (!String.IsNullOrEmpty(path))
  sb.AppendFormat(";path=\"{0}\"", path);
  if (!String.IsNullOrEmpty(domain))
  sb.AppendFormat(";domain=\"{0}\"", domain);
  if (isSecure)
  sb.Append(";secure'");
  var cookieJs = sb.ToString();
  Debug.WriteLine(cookieJs);
  webBrowser.InvokeScript(cookieJs);
  You can find more information about it from
  http://stackoverflow.com/questions/13287409/windows-phone-webbrowser-set-cookies.
  Please try and let me know the result.
  Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Share external jars across domains

  Hello, I'm wondering what is the best practice or suggestion to share 3rd party jars across domains in JCAPS 5.1.3.
  Thanks

  Thanks for your insight moonsit.
  Also, I would like to organize my dependencies into directories (i.e. localhost/is/lib/myPorject/ext/foo.jar and localhost/is/lib/myPorject/bar.jar) and I tried various bat file to set the classpath to my jar locations....could anyone help me point me to the right directions? Or is the intergration server administration config under jvm settings the right way to do it.
  --Thanks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Problems setting up a Domain - javax.management.InstanceNotFoundException

  I am having problems setting up a Domain. The following steps summarize
  what I have done.
  1. Created FooDomain in d:/bea/wlserver6.0/config and created
  appropriate config.xml, startup scripts, security, etc... (FooDomain
  boots ok)
  2. Moved console.war to bea/wlserver6.0/config/FooDomain/applications
  3. Connected to FooDomain via console (works ok).
  4. Defined machine FooMachine (happens to be localhost)
  5. Defined new server FooServer (in addition to default myserver) and
  assigned it to FooMachine.
  6. Created a new directory d:/managedServers/FooServer (note - outside
  installation directory)
  7. Created directories d:/managedServers/FooServer/logs &
  d:/managedServers/FooServer/applications
  8. Copied sample startManagedServer.cmd from mydomain to
  d:/managedServers/FooServer & modified appropriately.
  9. Ran startManagedServer.cmd (Note: I was able to connect to the
  Administration Server ok)
  The problems are as follows. (From the console - pointing to the
  Administration Server for the FooDomain)
  1. I am unable to configure a DefaultWebApp_FooServer to be located at
  d:/managedServers/FooServer/applications. I get the following exeption:
  javax.management.InstanceNotFoundException:
  FooDomain:Name=DefaultWebApp_FooServer,Type=WebAppComponent.
  2. I get a similar error when trying to set FooServer log locations to
  d:/managedServers/FooServer/logs
  Any ideas as to why? This then begs the question, what if FooServer was
  on a different physical server altogether. How would I define the
  location of the DefaultWebApp and logs.
  Thanks
  jay ()

  If you want your application work, think my way. At least, all my teammates have used this method to build their development environment. If you are more interested to debug for Weblogic, contact your support representative. The tools from Administration console look very nice, but not function as you want (e.g., the tool to convert version 5.1 application to version 6, even monitor tools). Administration console is very nice to be used to configue the parameters for a domain, but not so trustful and not for application setup in my own experience and that is why I suggest you use mydomain and DefaultWebApp_MyServer as templates. By the way, I did modify config.xml manually to change the default web application entry, etc, to what I want.
  Jay Zammit <[email protected]> wrote:
  I did not modify config.xml manually. In fact, I am able to boot both the Administration Server & Managed Server. The problem happens when using the Administration console to assign my logs and Default Applications directory to the d:/managedServers/FooServer/logs, and d:/managedServers/FooServer/applications/DefaultWebApp_FooServer directories. Try it yourself. Go to the Configurer WebApp option and type in a fully qualified directory such as d:/managedServers/FooServer/applications/DefaultWebApp_FooServer
  and see if it works on your system.
  thanks
  jay ()
  Xiang Rao wrote:
  One suggestion. Use the default domain mydomain as a template. Just make a copy of "mydomain" in folder config and rename the copy to whatever you like. Use some help tools to search all files (non-binary files) in new domain for key word "mydomain" and replace these words with your new domain name. To build an application, just rename the DefaultWebApp_MyServer to what you like and search "DefaultWebApp_MyServer" in all files (non-binary files) in your new domain and replace these words with yournew application name. Note you need to modify the scripts accordingly. Then you can run "startWeblogic" in your new domain directory to start your new domain. Other parameters should be configured by Administration console. If you manually modify configuration files, you could expect some bad news without reason.
  Jay Zammit <[email protected]> wrote:
  I am having problems setting up a Domain. The following steps summarize
  what I have done.
  1. Created FooDomain in d:/bea/wlserver6.0/config and created
  appropriate config.xml, startup scripts, security, etc... (FooDomain
  boots ok)
  2. Moved console.war to bea/wlserver6.0/config/FooDomain/applications
  3. Connected to FooDomain via console (works ok).
  4. Defined machine FooMachine (happens to be localhost)
  5. Defined new server FooServer (in addition to default myserver) and
  assigned it to FooMachine.
  6. Created a new directory d:/managedServers/FooServer (note - outside
  installation directory)
  7. Created directories d:/managedServers/FooServer/logs &
  d:/managedServers/FooServer/applications
  8. Copied sample startManagedServer.cmd from mydomain to
  d:/managedServers/FooServer & modified appropriately.
  9. Ran startManagedServer.cmd (Note: I was able to connect to the
  Administration Server ok)
  The problems are as follows. (From the console - pointing to the
  Administration Server for the FooDomain)
  1. I am unable to configure a DefaultWebApp_FooServer to be located at
  d:/managedServers/FooServer/applications. I get the following exeption:
  javax.management.InstanceNotFoundException:
  FooDomain:Name=DefaultWebApp_FooServer,Type=WebAppComponent.
  2. I get a similar error when trying to set FooServer log locations to
  d:/managedServers/FooServer/logs
  Any ideas as to why? This then begs the question, what if FooServer was
  on a different physical server altogether. How would I define the
  location of the DefaultWebApp and logs.
  Thanks
  jay ()