I’m developing a simple ASP discussion group.
Basically I've got the NewTopic.asp and Reply.asp scripts living on:
and a Login.asp script which lives on
The NewTopic.asp and Reply.asp scripts check Request.cookies ("LoggedIn"). If the value is "true" then they proceed as normal.
If not, they redirect the usewr to the Login.asp script which lives in the secure directory. It asks for a username and password, checks it against a database etc. A successful submission concludes with the following code:
Response.Cookies("TestLoggedIn") = "True"
Response.Cookies("TestLoggedIn").Domain = "AaronsWebsite.com"
Response.Cookies("TestLoggedIn").Path = "/"
Then it passes control back to the originating script, which should then allow the user to go about their business.
Trouble is it isn't working. Despite all that I'm reading about the Domain property, the NewTopic.asp and Reply.asp scripts don't recognize the cookie set by Login.asp. And the user just gets to log in repeatedly.
I’ve tried passing the user from Login.asp to PostNewTopic.asp both using Response.Redirect (with no HTML having been output) and by outputting a link which the user must click (suspecting that a redirect was wiping the cookie out from the HTTP header data, even though bufferring was off).
Of course, there’s the whole issue of cookie domains, which I learned about on this site. But setting the cookie domain to my original domain, not the https…domain, doesn’t seem to help.
I thought you could set the domain property in your ASP script that lives on one domain to the domain of the other ASP script. I've read several articles, including this one: (http://www.4guysfromrolla.com/webtech/051099-1.shtml
) which seem to say that you can set the domain of your cookie to anything you want.
This one's a stumper. Any suggestions?