
Internet Explorer set cross domain cookies for authorization

I have two applications on the following domains: www.bar.com and www.foo.bar.com. The second application performs authorization via the first application (using a cross-domain request). After this I set cookies in the browser, and in Internet Explorer it doesn't work:

$.cookie("SESSION_KEY", loginResult.sessionKey, {
        expires: 365,
        path: "/",
        domain: ".bar.com"
});

The code works in all browsers except Internet Explorer v.9. The cookie doesn't get set. How can I fix it?

Andrew asked Apr 02 '13 13:04




2 Answers

This is due to IE settings. From the Tools menu, select Internet Options. Navigate to Security tab. Select Internet web content zone and click Custom Level to open the Security Settings.

Locate Miscellaneous settings. Try enabling Access data sources across domains. You might need to restart IE for the settings to take effect.

devnull answered Nov 07 '22 10:11


IE, as the only web browser on the market, partially implements the P3P standard (which is about accepting cookies in CORS).

So you can set cookies using the server response. To do this you must set this header in the server response that sets the cookies (I copy-pasted the line below from my PHP Symfony project):

$response->headers->set('P3P', 'CP="random_text"');

You must also remember to add the flag 'withCredentials=true' to your CORS request (otherwise, no cookies will be sent/saved from the request/response).

Kamil Kiełczewski answered Nov 07 '22 09:11
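
The server side of the credentialed request described in the answer above, as an added example that is not code from the question or either answer. It builds the response headers the login endpoint on www.bar.com would return so the browser accepts the SESSION_KEY cookie. The HTTPS origin, the allowlist, the function names and the cookie hardening flags are assumptions.

```javascript
// Added example: response headers for a credentialed cross-origin login.
// Client side (jQuery): $.ajax({ url: loginUrl, type: "POST",
//                                xhrFields: { withCredentials: true } })
// Assumed: only this exact origin may log in through www.bar.com.
const ALLOWED_ORIGINS = new Set(["https://www.foo.bar.com"]);

// Accept only token-like values, so a session key can never carry
// ';', ',', spaces or CR/LF into the Set-Cookie header.
function isSafeCookieValue(value) {
  return typeof value === "string" && /^[A-Za-z0-9._~-]{1,256}$/.test(value);
}

// Returns the headers to send, or null when the request must not
// receive credentialed CORS headers or a cookie.
function loginResponseHeaders(requestOrigin, sessionKey) {
  // Compare the whole Origin string. A suffix check such as
  // endsWith("bar.com") would also match https://www.foo.bar.com.other.example
  // and https://notbar.com.
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return null;
  if (!isSafeCookieValue(sessionKey)) return null;

  const oneYear = 365 * 24 * 60 * 60; // same lifetime as "expires: 365" in the question
  return {
    // Browsers refuse "*" on credentialed requests: echo the checked origin.
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    // Caches must not serve this response to a different origin.
    "Vary": "Origin",
    // Header value exactly as given in the answer above.
    "P3P": 'CP="random_text"',
    // Secure and HttpOnly are added hardening (assumption): the cookie is
    // set by the server, so page script does not need to read it.
    "Set-Cookie":
      `SESSION_KEY=${sessionKey}; Domain=.bar.com; Path=/; ` +
      `Max-Age=${oneYear}; Secure; HttpOnly`,
  };
}
```
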