
multi-sub-domain cookies and ajax problems

I need an HttpOnly authentication cookie to work on:

mydomain.com
www.mydomain.com
abc.mydomain.com

so that I can be logged into all three places via a single login.

This is working fine, by setting my cookie domain to:

.mydomain.com

Here is the response header that sets the cookie:

MYAUTHCOOKIE=FOO; domain=.mydomain.com; path=/; HttpOnly

This all works fine for normal browser requests.

However, I need to make an AJAX request from mydomain.com and www.mydomain.com to abc.mydomain.com.

When I make the request, it isn't passing the authentication cookie. Why is this, and what can I do about it?

If I make a request to the same host as the page the JS resides on, it does send the cookie :s

Here's my request code:

$.ajax({
    type: "POST"
    , data: { data: { foo: bar} }
    , dataType: "json"
    , url: "http://abc.mydomain.com/foo"
    , timeout: 5000
    , success: function (data, textStatus) {
        alert('woo!');
    }
    , error: function (xhr, textStatus, error) {
        alert('meh');
    }
});

Is this some cross domain policy? Why doesn't the cookie domain make this work?

Thanks

Andrew Bullock asked Nov 18 '10 17:11


1 Answer

According to the same origin policy, subdomains are indeed "hostile" to your top domain, but it can be fixed by setting document.domain (same article).

Dmitry Shevchenko answered Oct 06 '22 19:10
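
An added example, not part of the question or the answer above: for XMLHttpRequest, a cross-origin call only carries the `.mydomain.com` cookie when the client sets `withCredentials` and the target host answers with credentialed CORS headers that name the calling origin exactly. The allowlist, the `http://` scheme (taken from the question's URL) and both function names are assumptions made for illustration.

```javascript
// Constructed allowlist: the two calling origins named in the question.
const ALLOWED_ORIGINS = new Set([
  "http://mydomain.com",
  "http://www.mydomain.com",
]);

// Headers abc.mydomain.com should add to its response for a given request
// Origin header. Returns {} for an untrusted or missing origin, in which case
// the browser refuses to hand the response to the calling script.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  // Exact string match only. Suffix or regex matching on "mydomain.com"
  // would also accept look-alike hosts such as notmydomain.com.
  if (typeof origin !== "string" || !allowed.has(origin)) return {};
  return {
    // Must be the specific origin: browsers reject "*" on credentialed requests.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    // The response varies per caller, so caches must key on Origin.
    "Vary": "Origin",
  };
}

// Client side: options for the $.ajax call in the question, with the one
// addition that tells the browser to attach cookies cross-origin.
// The cookie stays HttpOnly; script still cannot read it.
function credentialedAjaxOptions(url) {
  return {
    type: "POST",
    dataType: "json",
    url: url,
    timeout: 5000,
    xhrFields: { withCredentials: true },
  };
}
```

Withholding the CORS headers only stops the caller from reading the response; a simple POST still reaches the server with the cookie attached, so state-changing endpoints should also reject requests whose Origin is not on the allowlist.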