proasp_codeclinic thread: not reading cookie contents when I shift to secure server
that makes sense.
Have you any ideas how I can get around this problem?
I can only think of the following solutions:-
1.. I could send the user to the
'https://ssl.utvinternet.com/irish-roots/addtocart.asp' but then
everytime the user clicks on Add to Cart Windows will display the
warning, you are moving to a secure server! which would be annoying to
2.. Session variables probably won't work either for security reasons.
3.. I could have the user on the secure server as soon as they start
shopping but this is discouraged by our host. (maybe I have no choice
What so you think?
----- Original Message -----
From: "Ken Schaefer" <ken@a...>
To: "Code Clinic" <proasp_codeclinic@p...>
Sent: Wednesday, September 26, 2001 7:40 AM
Subject: [proasp_codeclinic] Re: not reading cookie contents when I
shift to secure server
> Firstly a cookie can be read only by a single host, or a single
> can't set a cookie that can be read by multiple domains.
> If your domain is irish-roots.com you can either set a cookie that can
> read by utvinternet.com (but can't be read by irish-roots.com), or you
> set a cookie that can be read by irish-roots.com (but can't be read by
> utvinternet.com). This is a privacy measure, otherwise advertisers etc
> track you no matter where you went on the internet...since they could
> setting cookies that could be read by any domain.
> Secondly, not all cookies that are set under http:// can be retrieved
> https:// - this is a security precaution. If a cookie is marked as
> (your cookie isn't), then it can only be set and retrieved under
> again, this is a security precaution, since you might be putting
> data into the cookie, which would be protected during transmission
> using https://, but would be sent as plain text if the user accidently
> switched to http://