|
|
cookies across multiple domains
|
|
|
|
Junior Member
Join Date: May 2003
Status:
Offline
|
|
Hey guys,
Can anyone tell me how to set a cookie with php so that it works across two of my domains. Is that even possible?
Jon
|
|
|
|
|
|
|
|
|
Senior User
Join Date: May 2001
Location: Nottingham, UK
Status:
Offline
|
|
I don't think that's possible. Would be quite a security risk. You can set cookies that work across sub-domains (like site1.mydomain.com and www.mydomain.com), but i don't think you can set a cookie to work from a totally different domain.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Oct 2003
Status:
Offline
|
|
I think that would be a breach of the cookie protocol. I don't think it is possible.
If you are using the cookie for sessions, to go cross domain, you can pass the session ID the URL between the 2 domains.
|
|
|
|
|
|
|
|
|
Junior Member
Join Date: May 2003
Status:
Offline
|
|
well, it's across domains, but they are both hosted on the same server. The are essentially sub-domains, ie.. site1.mydomain.com, site2.mydomain.com. Would that help?
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Oct 2003
Status:
Offline
|
|
Originally posted by jon31:
well, it's across domains, but they are both hosted on the same server. The are essentially sub-domains, ie.. site1.mydomain.com, site2.mydomain.com. Would that help?
if it is subdomains and not multiple domains (I am getting confused because you say across domains but in your example both are the same domain) if you set the cookie domain to "mydomain.com" and cookie path to "/", the cookies should be accessible to both subdomains from any path on the sites.
if using PHP you can do something like this where you want to set the cookie:
setcookie( string name, string value, int expire, string path, string domain, int secure);
so your example with a cookie lifetime of 60 days (lifetime is in seconds):
[php]
setcookie('cookie_name', 'cookie_value', 5184000, '/', 'mydomain.com', 0);
[/php]
|
|
|
|
|
|
|
|
|
Junior Member
Join Date: May 2003
Status:
Offline
|
|
Sorry to be confusing. I have 3 domains, one is my main domain, the other's are add-on domains to my account.
So, my main domain is jmarus.com, but I have two domains that are addons, that just point to different directories of jmarus.com.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Oct 2003
Status:
Offline
|
|
Originally posted by jon31:
Sorry to be confusing. I have 3 domains, one is my main domain, the other's are add-on domains to my account.
So, my main domain is jmarus.com, but I have two domains that are addons, that just point to different directories of jmarus.com.
Ok, but cookies are domain based and not server or directory path based (though they can be restricted to paths but again this is based on domain and not server path)...
again, multiple domains cannot share cookies. subdomains can. If you made your add-on domains subdomains of your main domain, then they could share cookies, but as separate domains they cannot.
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Jan 1999
Location: Marietta, GA, USA
Status:
Offline
|
|
Originally posted by jon31:
Sorry to be confusing. I have 3 domains, one is my main domain, the other's are add-on domains to my account.
So, my main domain is jmarus.com, but I have two domains that are addons, that just point to different directories of jmarus.com.
If your other domains are sub-domains, such as images.jmarus.com and files.jmarus.com, yes, the code shown above will work. If they are not in the jmarus.com domain, it's not possible...
|
Scott Genevish
scott AT genevish DOT org
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Status:
Offline
|
|
Originally posted by jon31:
Sorry to be confusing. I have 3 domains, one is my main domain, the other's are add-on domains to my account.
So, my main domain is jmarus.com, but I have two domains that are addons, that just point to different directories of jmarus.com.
If you set document.domain to "jmarus.com" before setting any cookies (doing it at the beginning of the script is fine), then it should work.
|
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Oct 2003
Status:
Offline
|
|
Originally posted by Millennium:
If you set document.domain to "jmarus.com" before setting any cookies (doing it at the beginning of the script is fine), then it should work.
many browsers now come setup by default to only accept cookies from sites you navigate to, or if a site attempts to give you a different cookie than the current domain, some throw a security warning.
You could also set with php the cookie.domain value, but with either of these, how would the browser interpret it? I do not know, but I think it would see it as an "outside" cookie, one from a domain you did not navigate to, which many now block by default or warn against. But I honestly don't know how a browser would handle setting the cookie domain to one other than the domain navigated to.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|