Hum... unable to fing the appropriate thread.... But I'll try this one. I want to share a cookie across multiple domains,lets say www.j18x.com and www.billbailey.com. How can I do that. At first glance, the only solution I can imagine is to have 2 cookies (one is nearly the clone of the other) and to use a sendRedirect in order to set each cookie from the domain which will need to use it. But I'm not satisfied with this solution.
Any better idea ??
/ JeanLouis<br /><i>"software development has been, is, and will remain fundamentally hard" (Grady Booch)</i><br /> <br />Take a look at <a href="http://www.epfwiki.net/wikis/openup/" target="_blank" rel="nofollow">Agile OpenUP</a> in the Eclipse community
The problem with your idea is that cookies are only recognizable by the domain they were issued from. IE: you drop a cookie from www.mysite.com and then try to retrieve and read it from www.yoursite.com......won't work! no if ands or buts. If you think about it it makes a lot of sense. If you could read other sites cookies you could come up with a multitude of information that you shouldnt be looking at. With that said I think your idea with a redirect and second cookie drop MAY work although yes, it is very clunky. I really cant see any other way to do it. Im just very curious why you need to do this, do the sites share info? Matbe with a little more explanation I might be able to help more.
...except that there is no "setDomain()" in javax.servlet.http.cook-ie I agree, it can't be done. It's a security thing. It may be possible to manage users between multiple domains by centralising the server information (like in a common database) and passing a reference to the session between the domains. Common implementations of session will not allow you to do this, sessions are managed implicitly to make them scaleable. You would have to throw away the default implementation and recreate session management (and this isn't recommended) You could then pass the session key you defined between the domains. cook-ies won't let you. (replace cook-ie with the appropriate word, UBB won't let me...) Dave.
Oops, not quite right, there IS a setDomain... Was just looking at RFC2109 and it doesn't seem to support multiple domains for a single cook-ie. If you see sections 2 (regarding domain-matching and how it is decided to send what where) and 4.2.2, which states:
Hope I haven't messed things up too badly. So theoretically you should be able to write a cookie in one domain that gets sent to another, but I haven't seen it used and would be interested in hearing about someone testing it out Dave.
A warning about trying this. I think that it should work (haven't tryied it myself). However if you go and look at the settings for cookies in netscape (for example) it specifically has an option to 'only allow cookies that will be returned to the originating server'. This would suggest that it would be best not to rely on the changing domain method as many people might have this set (not actually sure what the default cookie setting is (corporate build here you see)). Additionally the method that you mention with two cookies is the way that I have seen it most often done (m$ for example do this) i.e. pass cookies when you move in query string and then set cookie on new site. [ January 16, 2002: Message edited by: Mark Elliott ]
A note about cookies: You can only share them across "similar" domains. By similar I mean that they have the same "tails". Example: You could set the cookie to have Domain=.xyz.com Then you could set a cookie on www.xyz.com and have it accessible by abc.xyz.com and test.www2.xyz.com
================================================= As for your proposed solution, that is how we had to implement for our four site names that people could surf in under. It's just a cost of dealing with the security of the cookies.
Hi, I have worked extensively with cookies. But as of my knowledge goes it is not possible to set cookies from one domain and to read them from another domain. Even if it allows to do that doing that way causes big security hole.