Please advise about possible solution?
 

Started by camayes, July 19, 2006, 10:55:20 AM

camayes

Ok, I've been trying to find ways to bridge applications over different domains for quite some time.  When it comes down to it, the main problem is recognition of cookies.

So, I did a search and stumbled upon this: http://www.15seconds.com/issue/971108.htm where it states:

Quote:

Sharing Cookies Between Domains

Sharing cookies between domains is trickier than sharing cookies between sub-domains of a single domain. An example of this working is the three domains owned by Microsoft, msnbc.com, msn.com, and microsoft.com; these three domains share the same cookie for each user. To share a cookie between domains, you will need two domains, for example myserver.com and slave.com. One of the domains will issue the cookies and the other domain will ask the first domain what cookie should be issued to the client. In this case myserver.com will issue the cookie and slave.com will use the cookie issued by myserver.com. Here is the code that myserver.com will use to issue the cookie:

Example 3 : cookie.inc


    <%

    UID=Request.Cookies("UID")

    If ((IsNull(UID)) OR (Len(UID)=0)) Then

    Set UIDGen=Server.CreateObject("SMUM.Example.1")

    'Here is the method call to assign the cookie
    UID = UIDGen.GetCookie()

    Response.Cookies("UID")= UID
    Response.Cookies("UID").Domain=".myserver.com"
    Response.Cookies("UID").Expires = "December 31, 1999"

    End If

    %>

The object created in this example was demonstrated in the Apr 22, 1997 issue of 15 Seconds entitled: "Active Server Components with VB 5.0." You can download just the object from this issue and use it in the code above. When the GetCookie method is called, a random 128-bit number is produced that is guaranteed to be unique to the user. UID stands for Unique IDentifier.

Notice that this code is contained in a cookie.inc file that can be included at the top of all Active Server pages within the myserver.com domain.

Requesting Cookie from Another Domain.

Now the interesting part: how does slave.com get the same cookie from domain.com? This technique is implemented through a set of redirects. Let's take a look at the code that is implemented on slave.com:

Example 4 : getcookie.inc


    <%

    UID=Request.Cookies("UID")

    ' No UID cookie on slave.com yet: ask myserver.com for one
    If ((IsNull(UID)) OR (Len(UID)=0)) Then

       strURL=Request.ServerVariables("URL")
       strQueryString=Request.ServerVariables("QUERY_STRING")

       ' Bundle up the address of the current page for the return trip
       If (Len(strQueryString)>0) Then
          strReturn= Server.URLEncode(strURL & "?" & strQueryString)
       Else
          strReturn= Server.URLEncode(strURL)
       End If

       Response.Redirect("http://myserver.com/slave.asp?Return=" & strReturn)

    End If
    %>

Notice that we do not actually assign the cookie in this page. Instead, if there is no cookie available we redirect to a special page on myserver.com. We also bundle up the address of the page we are on for future use. Let's take a look at slave.asp:

Example 5 : slave.asp


    <!--#include virtual="/cookie.inc"-->
    <%

    strReturn=Server.URLEncode(Request("Return"))

    Response.Redirect("http://slave.com/return.asp?Return=" & strReturn & "&UID=" & UID)

    %>

Notice that we included cookie.inc from Example 3. Since slave.asp resides on myserver.com the cookie that is issued in cookie.inc has a scope of just myserver.com. If the user didn't have a cookie on myserver.com they are given one, because of the code in cookie.inc. This way if they are visiting slave.com first and then visit myserver.com they will have the same cookie. If the user already has a cookie from myserver.com and they visit slave.com for the first time they will be redirected to slave.asp on myserver.com where that cookie will be retrieved. Because the cookie only has the scope of the domain that it is issued on we have to redirect to the master domain to get the cookie and then redirect back to the slave domain. Here is the code for return.asp which resides on slave.com.

Example 6 : return.asp


    <%

    UID = Request ("UID")
    strReturn=Request("Return")

    Response.Cookies("UID")= UID
    Response.Cookies("UID").Domain=".slave.com"
    Response.Cookies("UID").Expires = "December 31, 1999"

    Response.Redirect(strReturn)

    %>

Notice that return.asp sets the UID cookie to the UID that is passed from slave.asp on myserver.com. Because myserver.com passes the same UID as it uses for a cookie, both servers end up with the same cookie for the same user. In other words the user ends up with two cookies on their machine, one from myserver.com and one from slave.com, and they equal the same UID. Also note that the final redirect is back to the page the user requested on slave.com, the redirect uses the return information that the getcookie.inc bundled up. Return.asp should always be called from slave.asp and for no other reason.

In summary, every active server page should include getcookie.inc at the top of the page and if a cookie needs to be set getcookie.inc will handle the problem.

Could this be a possible fix for the issue?  I host with 1and1 and would love to be able to have Coppermine on its own domain, but bridged through another domain for SMF integration.  Please advise.

-C.
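
The return.asp step quoted in the post above takes both UID and Return from the query string, and the article notes it should only ever be reached from slave.asp. As an added example (not part of the original post, the 15 Seconds article, Coppermine or SMF), this is one way the receiving site could enforce that in PHP, assuming a secret shared between the two sites and two hypothetical extra parameters, `ts` and `sig`, appended by the issuing domain:

```php
<?php
// Added example, not code from the post, 15 Seconds, Coppermine or SMF.
// Assumed: both sites hold SHARED_KEY; the issuing site adds ts and sig.
const SHARED_KEY = 'PLACEHOLDER-replace-with-random-secret';
const MAX_AGE = 60; // seconds a handoff stays valid

// HMAC over every field the receiving site will act on.
function sign_handoff(string $uid, string $return, int $ts, string $key): string {
    return hash_hmac('sha256', $uid . "\n" . $return . "\n" . $ts, $key);
}

// Accept only a site-relative path: no scheme, no host, no control bytes.
function is_local_path(string $return): bool {
    if ($return === '' || $return[0] !== '/') return false;
    if (strpos($return, '//') === 0) return false;
    if (strpos($return, '\\') !== false) return false;
    return preg_match('/[\x00-\x1f]/', $return) !== 1;
}

// Returns the verified uid/return pair, or null if anything is off.
function verify_handoff(array $q, string $key, int $now): ?array {
    foreach (['UID', 'Return', 'ts', 'sig'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) return null;
    }
    // UID is a 128-bit value, expected here as 32 hex characters.
    if (strlen($q['UID']) !== 32 || !ctype_xdigit($q['UID'])) return null;
    if (!ctype_digit($q['ts']) || abs($now - (int)$q['ts']) > MAX_AGE) return null;
    if (!is_local_path($q['Return'])) return null;
    $expected = sign_handoff($q['UID'], $q['Return'], (int)$q['ts'], $key);
    return hash_equals($expected, $q['sig'])
        ? ['uid' => $q['UID'], 'return' => $q['Return']]
        : null;
}

// Constructed sample values standing in for $_GET on the receiving site.
$now  = time();
$uid  = bin2hex(random_bytes(16));
$ret  = '/gallery/index.php?cat=2';
$good = ['UID' => $uid, 'Return' => $ret, 'ts' => (string)$now,
         'sig' => sign_handoff($uid, $ret, $now, SHARED_KEY)];
$offsite = ['Return' => 'https://other.example/'] + $good;
$swapped = ['UID' => str_repeat('0', 32)] + $good;

foreach (['good' => $good, 'offsite' => $offsite, 'swapped' => $swapped] as $name => $q) {
    $ok = verify_handoff($q, SHARED_KEY, $now);
    echo $name, ': ', $ok ? 'accept, set cookie and redirect' : 'reject', "\n";
}
```

In a real handler the accepted pair would feed `setcookie()` and a `Location` header, and a rejected request would set no cookie and issue no redirect.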

Nibbler

You could apply the same principle using AJAX, but it's not a very pretty solution. Visitors would have the page refreshing a few seconds after loading.