4

Is there a way to specify the port for a HttpCookie?

I have a site that is available at sub.example.com and needs to be deployed at sub.example.com:81 and sub.example.com:82.(so the same domain, different ports -- using Apache2 and mono)

The authentication is done by using cookies specifying the domain and path:

sub.example.com (domain = "sub.example.com" path = "/")
sub.example.com:81 (domain = "sub.example.com:81" path = "/") 
sub.example.com:82 (domain = "sub.example.com:82" path = "/")
// seems that the port in domain is not used...

All works fine for sub.example.com, but when logged on sub.example.com, the page at sub.example.com:81 also receives the 'authentication' cookie set by sub.example.com.

So I want to be able to specify also the port to a httpCookie, to restricts the ports to which this Cookie may be sent. Or maybe there is a workaround to simulate this...

Alex Pacurar
  • 5,801
  • 4
  • 26
  • 33

2 Answers2

2

Just for clarity - no, it's not possible when using HttpCookie.

Christian Genne
  • 190
  • 3
  • 9
1

When creating the cookie, you can set the Port-property of the Cookie to the correct port.

More info can be found at: http://msdn.microsoft.com/en-us/library/system.net.cookie.port%28VS.80%29.aspx

Pbirkoff
  • 4,642
  • 2
  • 20
  • 18
  • 2
    Indeed, you can specify the port to a System.Net.Cookie (http://msdn.microsoft.com/en-us/library/system.net.cookie.aspx)... but the question refers to System.Web.HttpCookie (http://msdn.microsoft.com/en-us/library/zw640823(v=VS.80).aspx) – Alex Pacurar Sep 08 '11 at 14:59
  • Ah, I misread that. What happens if you don't set the domain + port, and let the cookie set the domain itself. Does that work? – Pbirkoff Sep 08 '11 at 16:48
  • 1
    Found a simple/quick solution : all the instances of the site will have a different 'authentication' cookie name: the name of the cookie plus the port number. ex: cookieName80, cookieName81 ...etc... So even if the cookies will be sent to all the instances, the server will look only for the relevant cookie and it will not block the authentication process. – Alex Pacurar Sep 20 '11 at 12:29