1

I have the option in my site to change language.

When user change language ,its saved in cookie, so the other pages know which language to display!

Some of the pages are in https. And in these pages I don't get the selected language.

Is there any way to use the same cookie for http and https?

Soner Gönül
  • 97,193
  • 102
  • 206
  • 364
BrMe
  • 315
  • 2
  • 8
  • 22
  • See http://stackoverflow.com/questions/5843305/switching-between-http-and-https-pages-with-secure-session-cookie – Paul Zahra Jan 14 '13 at 09:27
  • Please have a look at this question http://stackoverflow.com/q/2321224/1916110 - it can explain. – Tom Jan 14 '13 at 09:29
  • Offtopic: no solution to go to all HTTPS? http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html – RvdK Jan 14 '13 at 09:39

2 Answers2

4

You could try setting your cookie to secure = false

see http://msdn.microsoft.com/en-us/library/system.web.httpcookie.secure.aspx

how can I share an asp.net session between http and https

Community
  • 1
  • 1
Ant
  • 338
  • 2
  • 9
3

No, there isn't. The cookies are local to the domain, and the http and https pages are considered to be in different domains.

The https pages are encrypted, so sending the same cookies for a http request would leak that information, and compromise the encryption.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Guffa
  • 687,336
  • 108
  • 737
  • 1,005
  • From reading and my own testing I believe this is incorrect. Unless specified as secure, a cookie can be read over both http and https on the same domain. – rrrr-o Feb 14 '14 at 14:37
  • @rrrr: Cookies are subject to the same-origin policy (http://en.wikipedia.org/wiki/HTTP_cookie#Secure_cookie), and the scheme (http: / https:) is part of what determines the origin (http://en.wikipedia.org/wiki/Same-origin_policy). – Guffa Feb 14 '14 at 16:54