Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cookies - set across multiple domains

My company has a setup as follows:

  • subdomain1.domain1.com
  • subdomain2.domain1.com
  • subdomain3.domain1.com
  • subdomain4.domain1.com
  • subdomain5.domain1.com
  • subdomain6.domain1.com

  • subdomain1.domain2.com

  • subdomain2.domain2.com
  • subdomain3.domain2.com
  • subdomain4.domain2.com
  • subdomain5.domain2.com
  • subdomain6.domain2.com

On each site, bearing in mind there can be a hundred sites per subdomain, users can log in. We, as developers, have to test frontends across several browsers, but some work may only be required on a section once logged in.

I have written a userscript which enables us to save a username and password (and other details which I cannot mention because of confidentiality). The script checks to see if the user account exists by filling in the login form and clicking the submit button. If not, it registers for us - thus automating the registration process.

Sharing cookies between subdomains on the same domain is easy. If I am on subdomain1.domain1.com I can save a cookie which can be retrieved by subdomain2.domain1.com. However, I would also like to save these for domain2. I do not appear to be able to get this to work.

I can see two solutions from here - either:

1) attach an iFrame using the userscript, which loads a site on domain2. This then uses the querystring to decide what to set to what, or;

2) use a form with method="POST", and simply post to a file on each domain.

Either way will be resource intensive, particularly if the cookies are updated each time a cookie changes. We also have URL masking in place. So we'd also have to take into account sites like abc.clientdomain1.com, abc.clientdomain2.com etc.

Does anyone know of an easier way to do achieve this?

like image 359
ClarkeyBoy Avatar asked Dec 06 '11 20:12

ClarkeyBoy


People also ask

Can you set a cookie for multiple domains?

As you may know, cookie can't be set in a different domain from another domain directly. If you're having multiple sites in where you need to set a cookie from a parent site, you can use basic HTML and JS to set the cookies. Google is using this same way.

Can cookies be read across domains?

Yes, there are different ways where you can allow cookie set by one domain use/read by other domains, such are encoding cookie into url. Here i talk about xhrFields withCredentials = true approach which enables sharing the credentials such as cookies, authorized headers between different domains.

Is cookie shared between domains?

Cookies aren't shared between different domains without an explicit CORS origin policy. Sharing cookies between sites on the same domain and even subdomain is easy enough when navigating the web through a browser UI.


2 Answers

This answer is a slightly different version of my answer on the question "Set cookie on multiple domains with PHP or JavaScript".

Do what Google is doing. Create a PHP (or any other server language file) file that sets the cookie on all 3 domains. Then on the domain where the login is going to be set, create a HTML file that would load the PHP file that sets cookie on the other 2 domains. Example:

<html>
 <head></head>
 <body>
 Please wait..........
 <img src="http://domain2.com/setcookie.php?user=encryptedusername"/>
 <img src="http://domain3.com/setcookie.php?user=encryptedusername"/>
 </body>
</html>

Then add an onload callback on body tag. The document will only load when the images completely load that is when cookies are set on the other 2 domains. Onload Callback :

<head>
 <script>
 function loadComplete(){
  window.location="http://domain1.com";//URL of domain1
 }
 </script>
</head>
<body onload="loadComplete()">

Now cookies are set on the three domains.

Source

like image 116
Subin Avatar answered Oct 14 '22 16:10

Subin


Create a common domain specifically for your cookies and use it as a getter/setter API.

http://cookie.domain.com/set/domain1
http://cookie.domain.com/get/domain1

http://cookie.domain.com/set/domain2
http://cookie.domain.com/get/domain2

and so on.

like image 13
AlienWebguy Avatar answered Oct 14 '22 15:10

AlienWebguy