Subdomain Cookies and Localhost

So I have a site – we’ll call www.site1.com that sets a client side cookie named CookieName1 and I need a subdomain test.site1.com to be able to read that value. Using php’s standard setcookie() method I set the cookie on www by using:

setcookie( “CookieName1″, $CookieName1Value, $CookieExpDate, “/”, “.site1.com” );

This works, no problem.  Now test.site1.com uses .NET to read in the value and do something.  Pretty standard stuff here:

  If Request.Cookies(“CookieName1″) IsNot Nothing Then

   ”DO SOMETHING

  End If

 

Build > Debug, set a breakpoint on the if block, skips right over it.  Huh?  I make sure IE has the cookie, try again.  Nope, Request.Cookies(“CookieName1″) is Nothing.  Can’t be an IE thing can it?  Run same scenerio in FireFox – same result.  Then it dawns on me, I’m not running this under test.site1.com, I’m running this under localhost.  Everything was working as expected, cookies can only be read by *.site1.com.  So how am I going to test this thing on my local machine? I do have a sandbox, test1sandbox.site1.com, but what if I didn’t?  A simple solution is to change the host file found at %SystemRoot%\system32\drivers\etc\ with:

127.0.0.1 localhost
127.0.0.1 test1.site1.com

Run another Debug, change the http://localhost to http://test1.site1.com and now I’m able to read cookies from *.site1.com. Nifty.

Written by Tim on May 22nd, 2007 with 4 comments.
Read more articles on asp.net and php and web 2.0 ish.

Related articles

4 comments

Read the comments left by other users below, or:

Get your own gravatar by visiting gravatar.com Patrick
#1. April 20th, 2009, at 12:17 PM.

Very good tip! I am working with cookies accross sub domains and I know I would have hit this issue. Thanks for the tip!

Get your own gravatar by visiting gravatar.com Patrick
#2. April 25th, 2009, at 4:06 AM.

Just got to the work of using cookies accross subdomains. I came back to get your example, and, it works like a charm!

Thanks for posting this information.

Get your own gravatar by visiting gravatar.com Richard Atkins
#3. January 18th, 2010, at 12:13 PM.

YES BUT … Place a breakpoint somewhere like Global.asax or in a page and check the value in Request.URL

You will find it reads ‘http://localhost:…’ not ‘http://test.localhost:…’ so your results are being returned (and your cookie read) from the domain not the subdomain. This debugging trick works by ‘faking’ the subdomain to be the localhost domain. Any code you have that depends on Request.URL being correct will no longer work.

Is there a better fix for this? I haven’t found one yet!

Get your own gravatar by visiting gravatar.com Richard Atkins Again
#4. January 20th, 2010, at 12:09 AM.

YES BUT … I found the answer. You need to check the HOST header in the request which has the full domain name (e.g. subdomain.localhost:XXXX) instead of using Request.URL.Authority. To do this I created an extension method in the Uri object which does this check and returns a ‘hacked’ version of the Uri with the correct domain name inserted using Regex. Sorted.

Leave your comment...

If you want to leave your comment on this article, simply fill out the next form:




You can use these XHTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> .