0

My current client works with 2 seperate websites

  1. A portal web site
  2. A booking web site

The booking web site is called from the portal, and redirects back to the portal when the booking is done.

But the booking site also exists on its own and is being managed by another party. We can't change anything on that end.

Both the portal and the booking websites can be customized, without affecting each other. This was done "by design", but currently we're facing an issue with the language settings: the language settings of the booking site should be used for the portal.

At this moment within the portal the language is setting by reading a cookie:

HttpCookie cookie = Request.Cookies["LanguageCookie"];

The booking site uses 2 cookies for the same time:

  1. currentPOS
  2. currentLANG

The booking site runs on a sub domain of the portal site.

I've been doing some reading, and in my case I should be able to read those cookies like this:

HttpCookie cookie1 = Request.Cookies["currentPOS"];
HttpCookie cookie2 = Request.Cookies["currentLANG"];

It doens't work, but then again, on other pages they start setting the .Domain property of the cookie.

So my question is, how do I solve this?

Fysicus
  • 71
  • 1
  • 7
  • Check [this](https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain) out. – Tudor Jan 16 '18 at 13:47

1 Answers1

0

While the direct solution can possibly be implemented, my advice would be to avoid trying to read cookies from another site. Suppose somewhere at some point, for some reason (e.g. a business reason) the two apps will not share a top level domain but rather will run on unrelated domains? Then what?

A simple solution is to reverse the information flow. Suppose you have site A and site B and A sets an information B wants to read.

Your current approach is to be able to read from B cookies set by A.

The simple solution is to have the opposite flow, it is A that sets the information in B. Technically it can be implemented with a single dynamic element, rendered in A, that calls B, e.g. a pixel image 

<!-- http://a.com/index.html -->
...
    <img src="http://b.com/setParams?currentLang=en />

When rendered in B, this pixel sets the cookie for B so that there are no cross-domain cookies at all. Rather, the information is passed by a direct cross domain call (this is why using images is often used as it is not restricted) and a cookie is only used to store this information at the callee side.

Since it is an image element, just make sure it doesn't alter the page layout at A.

This technique is usually used to track the information across domains and since the contents of such images is meaningless, they are often rendered as 1x1 (one pixel) transparent images (this is where the name pixel comes from).

Wiktor Zychla
  • 44,107
  • 6
  • 65
  • 91
  • The problem is I don't have access to the 2nd site, so the only option I have is to actually reed the cookies created by the other site. – Fysicus Jan 17 '18 at 09:57