Set cookies on another domain using curl

Question

is it possible to use curl or other means to set a cookie on another domain? I have access to the php file on the other domain that can set the cookie but I do not know how to access that php file using curl and then set the cookie.

Answer 1

You can use cURL to get a cookie ID from another domain, and then use that inside your program, but if you mean set a cookie on a browser - no you cannot, cookies can only be set for the domain that they were generated on.

Answer 2

If you are trying to set a way to auto log in (or similar) on the second site, and you control that site, you only really have one option (maybe there are more too I don't know about).

• Generate a nonce and store in db
• Associate the current date / time and the user agent with it
• Attach it to a link to the 2nd site via GET

Now, when the 2nd site receives an inbound link with this GET param, it should

• Verify nonce exists
• Verify user agent hasn't changed
• Verify the time between nonce created and requested isn't too long (I go with 10 minutes).
• Delete nonce

Be Warned

This session could be hijacked, for example by some man in the middle. But the person that hijacks it must do all these things

• View the outgoing nonce
• Copy it and access the site before the original person does
• Have the same user agent string

Keep that in mind.

You could also check for the IP being constant, but this may cause some people to not be authenticated if their IP changes, and it won't help multiple people using the same external IP.