locked
Setting domain name for cookies from remote site going through reverse proxy server. RRS feed

  • Question

  • User-255964150 posted

    So I got my reverse proxy server setup going, call it proxy.com. Users can make browser requests to a remote site, call it remote.com via the proxy server. Issue is, the cookies in the remote site do not have a domain attribute set, so when they go through the proxy server, and get stored on the user's browser, they are stored with the domain 'proxy.com' instead of 'remote.com'. How do I set the domain attribute of the cookies from the remote site to 'remote.com'? This will address an existing issue where my remote site keeps breaking out of iframe in proxy server, unless I visit remote site on separate browser window at least once, before the breakout stops. Apparently, cookies from remote site must be stored on client's pc before iframe page breakout stops. Thanks!

    Wednesday, November 28, 2012 10:15 PM

Answers

  • User209782248 posted

    Got it.  Here is what I would try:

    1. Write an IHttpModule, which subscribes to the SendResponse event.  Alternatively, try subscribing to the PostRequestHandlerExecute event.

    2. Rewrite the cookies with the new domain:

    HttpContext context = ...
    
    foreach(var cookie in response.Cookies)
    {
         cookie.Domain = theCorrectDomain;
         response.SetCookie(cookie);
    }
    

    (the code is heavily paraphrased, but you get the idea)

    Let me know if this works for you.

    Best,

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, November 29, 2012 10:37 PM

All replies

  • User209782248 posted

    Hi kotto_bass,

    How is your proxy server implemented, using HttpWebRequest?

    If so, you would need to get the CookieContainer from the HttpWebRequest, get the cookies, and change their .Domain property to the remote domain before returning them using HttpResponse.Cookies.

    Best,

    Thursday, November 29, 2012 5:19 PM
  • User-255964150 posted

    Hi Mvolo, thanks for responding. I forgot to mention 2 things:

    - proxy is implemented in IIS 7 using URL Rewrite 2.0 with Application request routing, and settings configured on web.config.

    - I do not have any control over the remote site, only rewriting the site's homepage and trying to add it's domain on the cookies so they get saved on the client's browser. However the cookie is getting saved with the proxy's domain by default.

    I have seen a case were an attribute is added to the http cookie (HttpOnly) on this link: http://www.dovetailsoftware.com/blogs/gsherman/archive/2011/01/20/using-the-url-rewrite-module-to-set-your-cookies-to-httponly but I am curious if you can add a key/value pair (domain/value) on a cookie

    Thursday, November 29, 2012 9:39 PM
  • User209782248 posted

    Got it.  Here is what I would try:

    1. Write an IHttpModule, which subscribes to the SendResponse event.  Alternatively, try subscribing to the PostRequestHandlerExecute event.

    2. Rewrite the cookies with the new domain:

    HttpContext context = ...
    
    foreach(var cookie in response.Cookies)
    {
         cookie.Domain = theCorrectDomain;
         response.SetCookie(cookie);
    }
    

    (the code is heavily paraphrased, but you get the idea)

    Let me know if this works for you.

    Best,

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, November 29, 2012 10:37 PM