1. 技术文章
  2. Unable to read cookies in FireFox/Chrome via 302 redirect, but works in IE

Unable to read cookies in FireFox/Chrome via 302 redirect, but works in IE

别说谁变了你拦得住时间么 提交于 2019-12-07 16:47:17

问题


I am breaking my head to figure out a browser specific issue (in Firefox and Chrome). I have spent so much time to try fixing this issue that I have finally thought to create a live demo for the experts here to look into this issue. (Hopefully it pays off)

I have two domains www.nkmekal.com and www.incessantcoding.com

Please use Firefox/Chrome to replicate the issue:

Step 1:

Browse http://www.nkmekal.com/createcookie.aspx

The page just creates a cookie. Below is the code that creates the cookie:

    // In On_Load of nkmekal.com/createCookie.aspx
    HttpCookie cookie = new HttpCookie("DisCookie");
    cookie.Value = "djdjd77676ydjdndgdidjkdnhf";
    cookie.HttpOnly = true;
    cookie.Expires = DateTime.Now.AddDays(1);
    Response.Cookies.Add(cookie);
    lblCookieInfo.Text = string.Format("<b>Cookie Name:</b> {0} <br/><br/> <b>Cookie Value:</b> {1} <br/><br/> <b>Cookie Expires On:</b> {2}", cookie.Name, cookie.Value, cookie.Expires);

Step 2:

Now open a new tab in the browser, go to http://www.incessantcoding.com/GoTonkmekal.aspx which basically does a simple 302 redirect to http://www.nkmekal.com/ReadCookie.aspx , below is the code that does this redirect:

// In On_Load of incessantcoding.com/GoTonkmekal.aspx
protected void Page_Load(object sender, EventArgs e)
{
    Response.Redirect("http://www.nkmekal.com/ReadCookie.aspx");
}

However I see the below message: (Please see the code of ReadCookie.aspx page in Step 3)

“No Cookie Found :(”

Which means that the domain www.nkmekal.com was unable to read the cookie that it created earlier when you’ve browsed www.nkmekal.com/createcookie.aspx

Step 3:

And the page http://www.nkmekal.com/ReadCookie.aspx just tries to read the above created cookie (in Step 1) and displays cookie data. Below is the code that tries to read the cookie and displays it in the page 

    // In On_Load of nkmekal/ReadCookie.aspx
    HttpCookie cookie = Request.Cookies["DisCookie"];
    if (cookie != null)
    {
      // Resetting expiry date because the browser never sends expiry date to Server,
      // as cookies expiration dates are irrelevant to servers.
      cookie.Expires = DateTime.Now.AddDays(1);
      lblCookieInfo.Text = string.Format("<b>Yes! I found a cookie</b> <br><br><b>Cookie Name:</b> {0} <br/><br/> <b>Cookie Value:</b> {1} <br/><br/> <b>Cookie Expires On:</b> {2}", cookie.Name, cookie.Value, cookie.Expires);
    }
    else
    {
        lblCookieInfo.Text = "No Cookie Found :(";
    }

The above steps work fine only in IE but not in FireFox/Chrome.

Also, if you want to take a peek at the source code of the two domains you can download them at

http://dl.dropbox.com/u/1248159/incessantcoding.zip

http://dl.dropbox.com/u/1248159/nkmekal.zip

Why am I trying to do this:

So, the reason why I am trying to do this is that there are certain operations that I need to perform in the domain www.incessantcoding.com if there was a cookie created in www.nkmekal.com

And the reason for going with a 302 redirect is that we cannot read cross domain cookies and hence I am trying to get the cookies read from the appropriate domain only (since nkmekal.com can only read its cookies).

Any help/suggestions will be very helpful.

Update: Also quite interestingly, if steps 1 and 3 are performed (leaving out step 2), the cookie value is read in Firefox and Chrome correctly. Its only the 302 way that isn't working.


回答1:


When saving up a cookie, the domain of the website is also being saved - this is made to avoid cross-domain data exchange - which means: once you save up a cookie from one host - it CANNOT be read from another whatsoever.

but, you can pass the cookie's data via the URL from your original host:

protected void Page_Load(object sender, EventArgs e)
{
    HttpCookie cookie = Request.Cookies["DisCookie"];
    if (cookie != null)
    {
         Response.Redirect("http://www.nkmekal.com/ReadCookie.aspx?data=" + cookie.Value);
    }

    else Response.Redirect("http://www.nkmekal.com/ReadCookie.aspx");
}

And then just usedata in ReadCookie.aspx.




回答2:


I have finally figured out an alternative and it works just fine! Here is what I've did:

If nkmekal.com creates a DisCookie...I am issueing a 302 redirect to incesscantcoding.com with an encrypted token as a querystring value, then incessentcoding.com will create its own DisCookie based on the querystring value for its domain, so if I want to know if a cookie exists for nkmekal.com I will just look at the Cookies collection for a DisCookie in incessantcoding.com ... I tested this scenario and it seems to be working in both firefox and chrome...

AND later I figured that even google does similar thing when a user logs into one of their service websites...

Hope this helps...



来源:https://stackoverflow.com/questions/9188837/unable-to-read-cookies-in-firefox-chrome-via-302-redirect-but-works-in-ie

标签
c#
ASP.NET
cookies
http-status-code-302
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!