• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Cookies across multiple domains

 
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hum... unable to fing the appropriate thread....
But I'll try this one.
I want to share a cookie across multiple domains,lets say www.j18x.com and www.billbailey.com.
How can I do that.
At first glance, the only solution I can imagine is to have 2 cookies (one is nearly the clone of the other) and to use a sendRedirect in order to set each cookie from the domain which will need to use it.
But I'm not satisfied with this solution.

Any better idea ??
 
Ranch Hand
Posts: 287
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The problem with your idea is that cookies are only recognizable by the domain they were issued from. IE: you drop a cookie from www.mysite.com and then try to retrieve and read it from www.yoursite.com......won't work! no if ands or buts. If you think about it it makes a lot of sense. If you could read other sites cookies you could come up with a multitude of information that you shouldnt be looking at.
With that said I think your idea with a redirect and second cookie drop MAY work although yes, it is very clunky. I really cant see any other way to do it. Im just very curious why you need to do this, do the sites share info? Matbe with a little more explanation I might be able to help more.
 
Ranch Hand
Posts: 115
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I have tried using Cookie.setPath() to share a cookie across 2 different web application (in same domain).
So I think u may be able to share cookie across 2 diff. domain using Cookie.setDomain().
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
...except that there is no "setDomain()" in javax.servlet.http.cook-ie
I agree, it can't be done. It's a security thing.
It may be possible to manage users between multiple domains by centralising the server information (like in a common database) and passing a reference to the session between the domains.
Common implementations of session will not allow you to do this, sessions are managed implicitly to make them scaleable. You would have to throw away the default implementation and recreate session management (and this isn't recommended)
You could then pass the session key you defined between the domains. cook-ies won't let you.
(replace cook-ie with the appropriate word, UBB won't let me...)
Dave.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Oops, not quite right, there IS a setDomain...
Was just looking at RFC2109 and it doesn't seem to support multiple domains for a single cook-ie.
If you see sections 2 (regarding domain-matching and how it is decided to send what where) and 4.2.2, which states:

and...

Hope I haven't messed things up too badly.
So theoretically you should be able to write a cookie in one domain that gets sent to another, but I haven't seen it used and would be interested in hearing about someone testing it out
Dave.
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A warning about trying this. I think that it should work (haven't tryied it myself). However if you go and look at the settings for cookies in netscape (for example) it specifically has an option to 'only allow cookies that will be returned to the originating server'. This would suggest that it would be best not to rely on the changing domain method as many people might have this set (not actually sure what the default cookie setting is (corporate build here you see)).
Additionally the method that you mention with two cookies is the way that I have seen it most often done (m$ for example do this) i.e. pass cookies when you move in query string and then set cookie on new site.
[ January 16, 2002: Message edited by: Mark Elliott ]
 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A note about cookies: You can only share them across "similar" domains. By similar I mean that they have the same "tails".
Example:
You could set the cookie to have Domain=.xyz.com
Then you could set a cookie on www.xyz.com and have it accessible by abc.xyz.com and test.www2.xyz.com

=================================================
As for your proposed solution, that is how we had to implement for our four site names that people could surf in under. It's just a cost of dealing with the security of the cookies.
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Of course, if they're running Windows, you could use the "supercookie" security hole.
 
Ranch Hand
Posts: 67
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I have worked extensively with cookies. But as of my knowledge goes it is not possible to set cookies from one domain and to read them from another domain. Even if it allows to do that doing that way causes big security hole.
 
Ranch Hand
Posts: 167
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I do experience one web site using other web site's cookie, when I surf on the net.(particular user id)
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic