IIS 7 and Above
Application Request Routing (ARR)
Setting domain name for cookies from remote site going through revers...
Last post Nov 29, 2012 10:37 PM by mvolo
Nov 28, 2012 10:15 PM|kotto_bass|LINK
So I got my reverse proxy server setup going, call it proxy.com. Users can make browser requests to a remote site, call it remote.com via the proxy server. Issue is, the cookies in the remote site do not have a domain attribute set, so when they go through
the proxy server, and get stored on the user's browser, they are stored with the domain 'proxy.com' instead of 'remote.com'. How do I set the domain attribute of the cookies from the remote site to 'remote.com'? This will address an existing issue where my
remote site keeps breaking out of iframe in proxy server, unless I visit remote site on separate browser window at least once, before the breakout stops. Apparently, cookies from remote site must be stored on client's pc before iframe page breakout stops.
Nov 29, 2012 05:19 PM|mvolo|LINK
How is your proxy server implemented, using HttpWebRequest?
If so, you would need to get the CookieContainer from the HttpWebRequest, get the cookies, and change their .Domain property to the remote domain before returning them using HttpResponse.Cookies.
Nov 29, 2012 09:39 PM|kotto_bass|LINK
Hi Mvolo, thanks for responding. I forgot to mention 2 things:
- proxy is implemented in IIS 7 using URL Rewrite 2.0 with Application request routing, and settings configured on web.config.
- I do not have any control over the remote site, only rewriting the site's homepage and trying to add it's domain on the cookies so they get saved on the client's browser. However the cookie is getting saved with the proxy's domain by default.
I have seen a case were an attribute is added to the http cookie (HttpOnly) on this link: http://www.dovetailsoftware.com/blogs/gsherman/archive/2011/01/20/using-the-url-rewrite-module-to-set-your-cookies-to-httponly but I am curious if you can add a key/value
pair (domain/value) on a cookie
Nov 29, 2012 10:37 PM|mvolo|LINK
Got it. Here is what I would try:
1. Write an IHttpModule, which subscribes to the SendResponse event. Alternatively, try subscribing to the PostRequestHandlerExecute event.
2. Rewrite the cookies with the new domain:
HttpContext context = ...
foreach(var cookie in response.Cookies)
cookie.Domain = theCorrectDomain;
(the code is heavily paraphrased, but you get the idea)
Let me know if this works for you.