Same cookie to 2 domain drupal which is One site - drupal

I have a Drupal 6.22 webpage. And I have a .de and a .at top level domain. Now the .at domain is an alias of .de. And I want:
I want to use the .at and the .de domain separately, exactly when anybody open my .at/indexp.php, not drop trough the .de domain.
I want to monitoring the incoming users.
So I want to hosting 2 site from 1 server, and I want to have a same login cookie, so anybody log in at .at, and navigating to .de, he keep logged in.
I know, the 2 page with same cantainment is killing the SEO, so thats a new more question.
I tried to solve the "Same Cookie" problem width $cookie_domain, but i can't. As I read, it's just working with 2 different server's 2 different sites.

Without some coding to authenticate the user between both sites, you can't do this.
Technically, browser won't send the cookies to other domains.
If the $cookie_domain is example.com, then www.example.com, extras.example.com will not get the cookies of example.com.
If it's .example.com, all example.com and its sub domains will get the cookies from browser. (note the leading dot before example.com)
You can't send example.com's cookies from another domain. That's why you are seeing you get redirected to Youtube and back to google when you login at a google domain.
You can point both domains to the same domain and it will work without a problem. But users will have to login twice in both sites.
Alternately you can send the user to the other site right after they login.
For an example, when user logs in at example.com, when the login is successful, send the user to the other domain immediately and the other site (example.net for instance) can do the same authentication and send user back to the origin site.
I don't know any module that does this though.

Related

Sharing cookies between domain and subdomain and viceversa

I have two different web applications: one is hosted on example.com and the other one is hosted on subdomain.example.com. I want to do so that if user enters one of them for the first time, a cookies banner appears and cookie preferences become same for both applications. In other words, I'd like to share cookies between example.com and subdomain.example.com and viceversa. I know that it should be possible to share cookies with websites hosted on subdomains. But the possibility of sharing cookies with the root domain from subdomain is still not clear to me.
So if users enters subdomain.example.com, can its cookies be sent to example.com? And viceversa?

asp.net website, authentication when url is with www and without www

I have website built with ASP.NET MVC. The website has SSL so I have a redirection from any call to https.
However, when a user is loging in, I can have two tabs, one with the website open using www and the other is not using www: https://example.com and https://www.example.com.
If a user is logged in using one form of url I would expect the browser to notice that the user is logged in even if the other tab uses the other form of url. But this is not the case. The browser (Chrome on Windows) does not recognizes that the user is logged in.
How can I handle that so the user will appear logged in using any form of url?
You should setup a 301 redirect from www.example to example or example to www.example so your users only use the application from a single domain. Many websites (Facebook, Reddit, and StackOverflow to name a few) use a 301 redirect from www.domain.com to domain.com.

How To Prevent Cookies From Being Created Under Different Hosts

I've run into a problem and I'm not sure how to go about fixing it. Here is the scenario.
A user visits my website (www.MyWebSite.com) and clicks on a button that puts a cookie on their computer. If I examined that cookie on their machine it would list the "host" as www.MyWebSite.com.
If the user then changes the URL in their browser to MyWebSite.com (without the www) reloads the page and then clicks on the button, a brand new cookie with the same name as the first cookie is created. The host of this cookie is MywebSite.com
Obviously this is not good - beside two cookies with the same name, only the cookie with the corresponding URL address is being read by my program.
Can I force cookies to be created with the www host and/or can I force the page to be www or what??? What and how is the best way to prevent this problem?
Cookie Creation using VB.net
Response.Cookies("AAA")("bbb") = strABC
Response.Cookies("AAA").Expires = DateTime.Now.AddDays(1)
Any help is greatly appreciated.
For (obvious) security reasons you can only read cookies that are set by the same domain the user requests. It doesn't matter if it is just a difference like in your example, or an entirely different domainname.
What you could do in this situation (it should improve your SEO as well), is redirect (301) all traffic from the site without www to the site with www.
If you're using IIS 7 or higher, you can find an example on how to do that with URL Rewrite here: http://weblogs.asp.net/owscott/archive/2009/11/27/iis-url-rewrite-rewriting-non-www-to-www.aspx
That's for security reasons. Any subdomain of a host is considered to be another realm, another world.
If you want your cookies to be sent to your subdomains too, then start the Host attribute of the cookie with a .. In other words, set your cookie for .MyWebSite.Com.
See Wikipedia for more information.

ASP .NET create other Session when switch to http://example.com or http://www.example.com

If I type http://example.com and login to my site and close my browser, re-open it and retype http://example.com then I am logged in.
However, when I type http://example.com, login, close the browser, re-open it, type http://www.example.com then I am NOT logged in.
I do not use ASP .NET authentication classes.
I run IIS 6 with both example.com and www.example.com URLs added to "Multiple identities for this web site" in IIS.
I do not wish the current behavior. Are there other things that can be affected because of this behavior?
Please make sure from your domain panel that it is referring to same IP Address and code.
I was having same issue and found that IP Address was different.
The problem is that you can't share cookies between example.com and www.example.com, due to a quirk in the cookie specification.
Instead, what you should do is pick one of the domains as your primary. Then, detect references to the other domain, and redirect users from there back to the primary. For example, you could choose www.example.com as the primary, and redirect references to example.com back to www.example.com.
That way, the authentication cookies will be present if the user tries to switch from one domain to another.

Asp.net forms authentication and multiple domains

I have two domains, domain1.com and domain2.com pointing at the same asp.net website which uses asp.net build in form authentication. The problem is that even if the domains point to the same website the user only get authenticated for one domain at a time. So if he uses www.domain1.com first and then visits www.domain2.com it's the same website in the back but he only is authenticated for www.domain1.com. The same thing happens if he uses www and not www when visiting the sites.
This is what I use to login:
FormsAuthentication.RedirectFromLoginPage(username, cookie.Checked);
To check login:
User.Identity.IsAuthenticated
How can I make the user gets authenticated for all domains that points to the same website?
What you're after is a Single Sign-on solution.
As ASP.NET authentication is at it's heart generally cookie based, there are two things to look at:
Set your cookies correctly.
Bounce your users to the alternative domain during signup.
Looking at both of these in more depth:
1. Setting cookies correctly
You need to ensure that ASP.NET is writing the authentication ticket cookies to the root domain, rather than the explicit domain this is done using the domain attribute of the forms element:
<forms
name="name"
loginUrl="URL"
defaultUrl="URL"
domain=".example.com">
</forms>
You should set your domain to ".example.com" - note the leading period - this is the key. This way requests to example.com and www.example.com will both read the cookie correctly, and authenticate the user.
2. Bounce users to the alternative domain
What we have implemented on a few sites that use a single sign on is a round trip login process. The user authenticates on the first domain, we encrypt the login details, and redirect them to a known page on the second domain, log them in there, and then redirect back to the original server.
This client side redirection is important - cookies are only written when there is a response back to the client, and the browser has to visit the second domain to actually see the cookies.
Other details to consider in this sort of set-up:
You probably want to have a timeout on the encrypted sign-in details - so that recalling that URL from the browser history doesn't automatically log the user in.
If the domains are on different servers, you will need to ensure that either the machine keys are configured the same, so that you can encrypt and decrypt the details correctly, or use some other shared key.
You will probably want to have a mechanism in place to recall the users ReturnUrl from the original server so that you can send them back to the correct place.
You could also take a look at "Forms Authentication Across Applications"
You could try setting cookieless="true".
You should read Explained: Forms Authentication on MSDN. They cover Cross-Domain Authentication.

Resources