
Share a cookie between two websites

Tags: http, cookies

I have built a website (A) which logs in to and retrieves customer data from a separate web service.

The organisation that owns (A) also has a website (B) which has a web form. They want a logged-in customer on (A) to be able to click across to (B) and see a pre-populated form with their details.

This means (A) must write their customer ID to a cookie, which (B) can read, and then (B) can request the data from the web service, and pre-populate the form.

This raises two questions:

  1. Can website (B) read the cookie for website (A)?

  2. If so, to prevent someone from editing a cookie and seeing other people's data in the form, I would need to do something like encrypt the cookie on (A) and then have that decrypted in (B) - any suggestions along this line?

I can't change the existing login to OAuth or something, as the web service is consumed by several other sites, so this cannot change.

Sean asked Sep 11 '12 13:09



1 Answer

No. Website B can't read a cookie from website A.

The easiest work-around is to pass login/credential information from website A to website B and have website B set a separate cookie. For example, after logging into website A you could have them quickly redirected to website B with an encrypted querystring. Website B could then read the information, set its own cookie, and redirect the user back to site A.

It's messy but possible.

Chris Van Opstal answered Sep 20 '22 04:09
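
The redirect hand-off described in the answer, as an added example that is not part of the original post: site A puts a short-lived token in the query string and site B verifies it before setting its own cookie. It signs the token with HMAC-SHA256 rather than encrypting it, so the customer ID is visible in the URL but cannot be edited without detection; the shared key, the `b.example` URL and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode, urlparse

SHARED_KEY = b"constructed-demo-key"   # placeholder: random secret known to A and B only
MAX_AGE = 60                           # seconds the hand-off link stays valid
SITE_B = "https://b.example/prefill"   # constructed URL for site B

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload):
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()

def make_handoff_url(customer_id, now=None):
    """Site A: build the redirect URL for a logged-in customer."""
    now = time.time() if now is None else now
    claims = {"cid": customer_id, "aud": "site-b", "exp": int(now) + MAX_AGE}
    payload = json.dumps(claims).encode()
    token = b64e(payload) + "." + b64e(sign(payload))
    return SITE_B + "?" + urlencode({"t": token})

def read_handoff_url(url, now=None):
    """Site B: return the customer ID, or None if the token is missing,
    malformed, edited, expired, or issued for a different audience."""
    now = time.time() if now is None else now
    try:
        token = parse_qs(urlparse(url).query)["t"][0]
        body, sig = token.split(".")
        payload = b64d(body)
        # Constant-time comparison; verify before parsing the payload.
        if not hmac.compare_digest(b64d(sig), sign(payload)):
            return None
        claims = json.loads(payload)
    except (KeyError, ValueError):
        return None
    if claims.get("aud") != "site-b" or claims.get("exp", 0) < now:
        return None
    return claims.get("cid")

if __name__ == "__main__":
    url = make_handoff_url("C-1001")   # constructed customer ID
    print(url)
    print(read_handoff_url(url))       # site B would now set its own cookie
```

The token ends up in browser history and server logs, which is why it expires quickly and site B keeps its own session cookie afterwards. If the ID itself must stay hidden, use authenticated encryption with the same expiry and audience checks.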