cookie expert help needed 1

[spicymango]

Hi,

I need help in the following senario.

I have a public site with domain mywebsite.com

When I type in mywebsite.com request come to a load balancer. I have 3 web servers on which my site is running, with domains

web1.mywebsite.com
web2.mywebsite.com
web3.mywebsite.com

These server can not be directly access from public, only can be accessed internally (intranet ie

http://web1.mywebsite.com)

When a request comes Load balancer decides which webserver is least bussy and send the request to that server.

No my question is if I am setting cookie and not defining the cookie domain. For my site mywebsite.com, will my cookie be set for domain
mywebsite.com or for the domain of internal boxes like web1.mywebsite.com

Thanks

 

[preachie]

Define .mywebsite.com as cookie domain and the cookie will be accessible regarless if the request is routed to web1, web2 or web3

 

[spicymango]

If I do not define domain name.

I am assumig since javascript runs on the client side once the page is loaded to the browser. And cookie get set and read by javascript on the client side.
And on the front end domain that is entered is mywebsite.com .. so it will set the cookie for mywebsite.com ..what you think?

And even though request goes to the server that has domain web1.mywebsite.com ... domain in the browser stay as mywebsite.com all the time.. ...so I am assuminmg that cookie can be read by domain mywebsite.com ..what you think?

 

[BillyRayPreachersSon]

I would say you should be fine as the website would still be at the URL '

http://www.mydomain.com'

regardless of the internal machine names behind the LB.

You should be able to prove this by disabling boxes 2 + 3, visiting the site to get a cookie from box 1, and then disabling box 1, enabling boxes 2 + 3, and proving they can read the cookie.

Hope this helps,
Dan



Coedit Limited - Delivering standards compliant, accessible web solutions

Dan's Page [blue]@[/blue] Code Couch:

http://www.codecouch.com/dan/

Code Couch Tech Snippets & Info:

http://www.codecouch.com/

 

[spicymango]

I think you are right. One basic concept I want to clear

You said "You should be able to prove this by disabling boxes 2 + 3, visiting the site to get a cookie from box 1, and then disabling box 1, enabling boxes 2 + 3, and proving they can read the cookie."

When you are reading and setting cookie only javascript (not by servere side launuage, like php etc) . And javascript is run on client side. Does back end server has any role to play in it?

 

[BillyRayPreachersSon]

Without them, there would be no web server to deliver any content to the browser, so of course they have a role to play!






Coedit Limited - Delivering standards compliant, accessible web solutions

Dan's Page [blue]@[/blue] Code Couch:

http://www.codecouch.com/dan/

Code Couch Tech Snippets & Info:

http://www.codecouch.com/

 

[spicymango]

No offcouse they have role to play. I was asking does Javascript care about the webserver domain while reading or setting cookie. As it only runs on the client side. It probably cares about the domain that was entered in the browser address bar.

 

[BillyRayPreachersSon]

As I've already said - those machine names are INTERNAL - the load balancer should always present '

http://www.'

as the machine name, not 'web1.', etc.

Therefore, you should not have an issue.

Dan


Coedit Limited - Delivering standards compliant, accessible web solutions

Dan's Page [blue]@[/blue] Code Couch:

http://www.codecouch.com/dan/

Code Couch Tech Snippets & Info:

http://www.codecouch.com/