How do I use cookies across two different domains?
On both domains, place an image or other web element that is pulled from the other domain. Use the URL to notify the other domain that user X is on domain A, and let domain B associate that user ID with that user on their system.
It's a little complex to carry out correctly, but if you think it through it'll work out very well.
Vinko points out in a comment (thanks!) that I shouldn't take it for granted that you understand the security risks involved. If this information is of any value to anyone, then you should make sure you use proper encryption, authentication, etc to avoid releasing sensitive information and to avoid various attacks (replay, man in the middle, etc). This shouldn't be too onerous since you control both websites and you can select a secure secret key for both, since the communication is only going between the two servers via this special URL. Keep it in mind though.
-Adam
Share cookie between domains
No, you cannot share cookies across domains. The browser will only send a cookie to the domain (or sub-domains there of) that initially set it.
Read up on the Same origin policy / Cookie policy
Get cookie of a domain by another domain
A web page rendered from one domain cannot read the cookies of another domain. This is by design and is for privacy purposes.
If you absolutely need the value, you will need to add a page to abc.com that reads the cookie and redirects to xyz.com, passing the cookie value as a querystring or form parameter. From that point, xyz.com can read the value from the request and set a cookie or otherwise provide the value to the page.
If you don't have access to xyz.com's code base, you will need to find a design that does not require the cookie to be shared.
Cookies - set across multiple domains
Create a common domain specifically for your cookies and use it as a getter/setter API.
http://cookie.domain.com/set/domain1
http://cookie.domain.com/get/domain1
http://cookie.domain.com/set/domain2
http://cookie.domain.com/get/domain2
and so on.
How to set a cookie for another domain
You cannot set cookies for another domain. Allowing this would present an enormous security flaw.
You need to get b.com to set the cookie. If a.com redirect the user to b.com/setcookie.php?c=value
The setcookie script could contain the following to set the cookie and redirect to the correct page on b.com
<?php
setcookie('a', $_GET['c']);
header("Location: b.com/landingpage.php");
?>
Share cookie between subdomain and domain
If you set a cookie like this:
Set-Cookie: name=value
then the cookie will only apply to the request domain, and will only be sent for requests to the exact same domain, not any other subdomains. (See What is a host only cookie?)
Two different domains (e.g. example.com
and subdomain.example.com
, or sub1.example.com
and sub2.example.com
) can only share cookies if the domain
attribute is present in the header:
Set-Cookie: name=value; domain=example.com
The domain attribute must "domain-match" the request URL for it to be valid, which basically means it must be the request domain or a super-domain. So this applies for both examples in the question, as well as sharing between two separate subdomains.
This cookie would then be sent for any subdomain of example.com
, including nested subdomains like subsub.subdomain.example.com
. (Bear in mind there are other attributes that could restrict the scope of the cookie and when it gets sent by the browser, like path
or Secure
).
Because of the way the domain-matching works, if you want sub1.example.com
and sub2.example.com
to share cookies, then you'll also share them with sub3.example.com
.
See also:
- www vs no-www and cookies
- cookies test script to try it out
A note on leading dots in domain
attributes: In the early RFC 2109, only domains with a leading dot (domain=.example.com
) could be used across subdomains. But this could not be shared with the top-level domain, so what you ask was not possible in the older spec.
However, the newer specification RFC 6265 ignores any leading dot, meaning you can use the cookie on subdomains as well as the top-level domain.
Related Topics
Php: Inserting Values from the Form into MySQL
How to Count Days Between Two Dates in PHP
Can PHP Namespaces Contain Variables
Preg_Match(); - Unknown Modifier '+'
How to Integrate Nodejs + Socket.Io and PHP
Handling Expired Token in Laravel
How to Remove Blank Lines from Text in PHP
Uncaught Reflectionexception: Class Log Does Not Exist Laravel 5.2
How to Scrape Website Content in PHP from a Website That Requires a Cookie Login
Laravel Preg_Match(): No Ending Delimiter '/' Found
Seamless Way to Check If User Likes Page
What's the Best Practice to Set HTML Attribute via PHP
Convert Ascii to Utf-8 Encoding
Save Current Page as HTML to Server