I am developing two websites named www.web1.com and www.web2.com. In web1 I am saving an HTTP cookie as below:

    HttpCookie AuthCookie = new HttpCookie(AppConstants.Cookie.AUTH_COOKIE);
    AuthCookie.Path = "/";
    AuthCookie.Value = "value1";
    Response.Cookies.Add(AuthCookie);

Now what I want is to read this cookie in the second website i.e. web2. I am trying to read it using HttpClient as below

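    // Requires: using System; using System.Net; using System.Net.Http;
    HttpClientHandler handler = new HttpClientHandler();
    handler.CookieContainer = new CookieContainer();

    HttpClient client = new HttpClient(handler);
    // Request issued by this code, using the handler's own cookie container
    var response = client.GetAsync("http://www.web1.com").Result;

    // Cookies stored in that container for www.web1.com
    var cookies = handler.CookieContainer.GetCookies(new Uri("http://www.web1.com"));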

This doesn't return any cookies, checked via Fiddler as well. But if I directly open www.web1.com and check Fiddler then it sends the cookie.

Please see what I am missing so that the cookie is not returned from httpclient.

Thanks,
SB

Sumit Bakshi

2 Answers

You can't get or set cookies for another domain. That would be a huge security issue. (would you want me reading your site's cookies on my site?)

Some related posts:

  1. Create a asp.net authenicated cookie on 1 site for another
  2. I need to get all the cookies from the browser
  3. Create cookie with cross domain
  4. Cross domain cookies

UPDATE: A bit of clarification: As a server, you can't get or set cookies on a client for another domain, which is what you want to do. As a client, you can modify / delete cookies that a server sets for you.

  1. In your example, your server-side code is making the request to web1.com. You are not going to get a cookie for a random client. The client isn't involved at all in your code above.

  2. If I visit web1.com and you set a cookie called "username" with a value of "bob", I can, as a client, modify this cookie to have a value of "admin" and then potentially have admin rights to your site, depending on how you are handling your cookies.

MikeSmithDev
  • Thanks, I understand your point but I am a bit confused, since if I send the HttpClient request to www.google.com then it returns back two cookies, something like PID and HRef. So is there some kind of setting in cookies which allows it to be sent back? – Sumit Bakshi Sep 04 '13 at 05:43
  • @SumitBakshi Probably because those are your server's cookies for its request to google. – MikeSmithDev Sep 04 '13 at 12:23
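
What the answer above describes, as an added example (not code from the original post or its answers): each HttpClient keeps its own cookie jar, filled only by Set-Cookie headers on responses to its own requests, so server-side code never sees a cookie held by a visitor's browser. The local HttpListener standing in for web1, the /login path and port 5080 are assumptions made for the demo.

```csharp
// Added example: constructed local server, not code from the original post.
using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

class CookieJarDemo
{
    const string Origin = "http://localhost:5080/"; // assumed free port

    // Stand-in for web1: /login sets the cookie, every path echoes the Cookie header it got.
    static async Task ServeAsync(HttpListener listener, int requests)
    {
        for (int i = 0; i < requests; i++)
        {
            HttpListenerContext ctx = await listener.GetContextAsync();
            if (ctx.Request.Url.AbsolutePath == "/login")
                ctx.Response.AppendHeader("Set-Cookie", "auth=value1; Path=/; HttpOnly");
            byte[] body = Encoding.UTF8.GetBytes(ctx.Request.Headers["Cookie"] ?? "(none)");
            ctx.Response.OutputStream.Write(body, 0, body.Length);
            ctx.Response.Close();
        }
    }

    static async Task Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add(Origin);
        listener.Start();
        Task server = ServeAsync(listener, 3);

        // "Browser": visits /login, so the server's Set-Cookie lands in this jar.
        var browserJar = new CookieContainer();
        var browser = new HttpClient(new HttpClientHandler { CookieContainer = browserJar });
        await browser.GetAsync(Origin + "login");
        Console.WriteLine("browser sends: " + await browser.GetStringAsync(Origin));

        // "web2 server code": a different client with a new, empty jar.
        var serverJar = new CookieContainer();
        var web2 = new HttpClient(new HttpClientHandler { CookieContainer = serverJar });
        Console.WriteLine("web2 sends:    " + await web2.GetStringAsync(Origin));

        Console.WriteLine("browser jar: " + browserJar.GetCookies(new Uri(Origin)).Count);
        Console.WriteLine("web2 jar:    " + serverJar.GetCookies(new Uri(Origin)).Count);
        await server;
        listener.Stop();
    }
}
```

The same separation explains the google.com observation in the comments: any cookies that appear in a server-side jar were issued to that server-side client on its own request, not taken from a user's browser.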

Not sure if this would work properly in your case but AuthCookie.Domain = "IP/Domain"; should do the job for you.

Having said that there are other alternatives like query string and page post on other domain that might interest you.

Vinay Pandey
  • Thanks right now all my cookies have the same domain as localhost but still I am not getting the cookies info back using httpclient.
    Page post and query string is not an option as it will cause the page refresh or redirect which would be a problem for the user. Please suggest.
    – Sumit Bakshi Sep 04 '13 at 05:44