| Author |
Message |
BeerBoy
Guest
|
 Posted:
Tue Sep 27, 2005 4:51 pm Post subject:
Sharing Cookies between HTTP and HTTPS |
|
|
I have one site with two host headers :
dev.mystore.com (http) and secure.mystore.com (https)
All works fine except when I swap between the sites - if I add
something into the basket in one and then browse to the second I want
to have the same basket - however this is not working.
I assume the reason is that they are not sharing cookies.
I've configure commerce server manager so non-secure hostname is
'dev.mystore.com' and secure hostname is 'secure.mystore.com', I have
also ticked 'Autocookie' and enabled the authentication filter. Finally
I've set the number of shared domain levels to be 2, but all this
doesn't seem to work.
When I use firefox and look at the cookies I can see the 'host' entry
is either 'secure.mystore.com' or 'dev.mystore.com' depending on the
site visited. I had somehow expected both sites to write cookies called
just 'mystore.com' ??
Has anyone got any ideas what I can try and do next in order to solve
this.
Thanks in advance,
Jim |
|
| Back to top |
|
 |
Ravi Shankar
Guest
|
| Posted:
Wed Sep 28, 2005 12:50 pm Post subject:
RE: Sharing Cookies between HTTP and HTTPS |
|
|
IMHO, for two sites to share the same basket, they should share the Profiles,
Marketing, Discounts, Catalog resources also. It would be simpler to
implement this as TWO applications within the same site.
IF they don't do functionally different things then you could have the same
app with dev.mystore.com & secure.mystore.com as TWO entries in the DNS and
make dev.mystore.com as the non-secure hostname while secure.mystore.com is
the secure site name (Commerce Server Manager, Site, Applications, MySTore
properties)
--
Ravi Shankar
"BeerBoy" wrote:
| Quote: | I have one site with two host headers :
dev.mystore.com (http) and secure.mystore.com (https)
All works fine except when I swap between the sites - if I add
something into the basket in one and then browse to the second I want
to have the same basket - however this is not working.
I assume the reason is that they are not sharing cookies.
I've configure commerce server manager so non-secure hostname is
'dev.mystore.com' and secure hostname is 'secure.mystore.com', I have
also ticked 'Autocookie' and enabled the authentication filter. Finally
I've set the number of shared domain levels to be 2, but all this
doesn't seem to work.
When I use firefox and look at the cookies I can see the 'host' entry
is either 'secure.mystore.com' or 'dev.mystore.com' depending on the
site visited. I had somehow expected both sites to write cookies called
just 'mystore.com' ??
Has anyone got any ideas what I can try and do next in order to solve
this.
Thanks in advance,
Jim
|
|
|
| Back to top |
|
|
Ravi Shankar
Guest
|
| Posted:
Wed Sep 28, 2005 4:51 pm Post subject:
Re: Sharing Cookies between HTTP and HTTPS |
|
|
I think there is some mechanism to have domain specific cookies just forget
where I read about them. If you can locate and amend the authentication
modules to support domain level cookies, that should solve your problem.
Also, do you want your site to support baskets for anonymous users ? Cleaning
up orphaned baskets is a administrative headache (more like a nightmare)
Does the site behave the same way for registered users ?
On a nitpicking note ;), if the site & functionality is same then why two
names huh ?
--
Ravi Shankar
"BeerBoy" wrote:
| Quote: | Hi Ravi,
Yes the 'two' sites are identical and infact is as you say just one
application with 2 DNS entries. I have made 'dev.mystore.com' the
non-secure name and 'secure.mystore.com' the secure name.
My point is that this doesn't seem to work.
If I browse to dev.mystore.com I will get an anonymous profile, now
suppose I add some items to my basket and then close the browser.
Now I open a new browser and browse to secure.mystore.com - alas the
basket is empty, implying I've been given a new anonymous profile.
So I browse back to dev.mystore.com and my basket is there again with
the items in it.
It appears the cookies are not being shared event though I done as you
have said and also set number of shared domain levels to 2.
Any ideas ?? I'm out of them :-(
Regards
Jim
|
|
|
| Back to top |
|
|
BeerBoy
Guest
|
| Posted:
Wed Sep 28, 2005 4:51 pm Post subject:
Re: Sharing Cookies between HTTP and HTTPS |
|
|
Hi Ravi,
Yes the 'two' sites are identical and infact is as you say just one
application with 2 DNS entries. I have made 'dev.mystore.com' the
non-secure name and 'secure.mystore.com' the secure name.
My point is that this doesn't seem to work.
If I browse to dev.mystore.com I will get an anonymous profile, now
suppose I add some items to my basket and then close the browser.
Now I open a new browser and browse to secure.mystore.com - alas the
basket is empty, implying I've been given a new anonymous profile.
So I browse back to dev.mystore.com and my basket is there again with
the items in it.
It appears the cookies are not being shared event though I done as you
have said and also set number of shared domain levels to 2.
Any ideas ?? I'm out of them :-(
Regards
Jim |
|
| Back to top |
|
|
BeerBoy
Guest
|
| Posted:
Thu Sep 29, 2005 4:51 pm Post subject:
Re: Sharing Cookies between HTTP and HTTPS |
|
|
Hi Ravi,
What does the 'number of shared domain levels' field do in Commerce
Manager - I thought this allow cookie sharing ?
The reason for the 2 names is that's what the customer wants :-)
Something to do with their routing / security policy ????
Jim |
|
| Back to top |
|
|
Ravi Shankar
Guest
|
| Posted:
Thu Sep 29, 2005 4:51 pm Post subject:
Re: Sharing Cookies between HTTP and HTTPS |
|
|
Hi Jim,
You're correct
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_se_authentication_lctm.asp)
says so too but it does not mention anything about doing so between different
protocols (HTTP/HTTPS). Maybe log a call with Microsoft to get help/answer.
--
Ravi Shankar
"BeerBoy" wrote:
| Quote: | Hi Ravi,
What does the 'number of shared domain levels' field do in Commerce
Manager - I thought this allow cookie sharing ?
The reason for the 2 names is that's what the customer wants :-)
Something to do with their routing / security policy ????
Jim
|
|
|
| Back to top |
|
|
Colin Bowern
Guest
|
| Posted:
Thu Sep 29, 2005 4:51 pm Post subject:
Re: Sharing Cookies between HTTP and HTTPS |
|
|
Jim,
You are correct in that the setting allows for sharing of cookies across
domains. See the "Enabling Cookie Sharing Across Domains" section in the
Commerce Server 2002 documentation.
Cheers,
Colin
| Quote: | Hi Ravi,
What does the 'number of shared domain levels' field do in Commerce
Manager - I thought this allow cookie sharing ?
The reason for the 2 names is that's what the customer wants :-)
Something to do with their routing / security policy ????
Jim
|
|
|
| Back to top |
|
|
Ravi Shankar
Guest
|
| Posted:
Thu Sep 29, 2005 4:51 pm Post subject:
Re: Sharing Cookies between HTTP and HTTPS |
|
|
Jim,
On further digging I found the note about HTTP/HTTPS at this link
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_gs_concepts_pwht.asp).
This states that the domain is built from the secure/non-secure host names so
can you confirm that your secure hostname configured in Commerce Server
Manager is secure.mysite.com while the non-secure hostname should be set to
dev.mysite.com.
Then and only then it would work :)
--
Ravi Shankar
"Ravi Shankar" wrote:
| Quote: | Hi Jim,
You're correct
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_se_authentication_lctm.asp)
says so too but it does not mention anything about doing so between different
protocols (HTTP/HTTPS). Maybe log a call with Microsoft to get help/answer.
--
Ravi Shankar
"BeerBoy" wrote:
Hi Ravi,
What does the 'number of shared domain levels' field do in Commerce
Manager - I thought this allow cookie sharing ?
The reason for the 2 names is that's what the customer wants :-)
Something to do with their routing / security policy ????
Jim
|
|
|
| Back to top |
|
|
BeerBoy
Guest
|
| Posted:
Thu Sep 29, 2005 8:51 pm Post subject:
Re: Sharing Cookies between HTTP and HTTPS |
|
|
Hi Ravi,
Yes my secure/non-secure hostnames are set up as you suggested - but
the cookies still don't share :-( |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in