How to set a cookie for another domain

Question

Say I have a website called a com  and when a specific page of this site is loaded  say page link  I like to set a cookie for another site called b com  then redirect the user to b com    I mean  on load of a com link I want to set a cookie for b com and redirect user to b com    I tested it  and browser actually received the cookie from a com link  but it didn t send that cookie on the redirection request to b com  Is it normal   Can we set cookies for other domains

User · Answer

You can t  but    If you own both pages then     1  You can send the data via query params  http   siteB com  key value   2  You can create an iframe of Site B inside site A and you can send post messages from one place to the other  As Site B is the owner of site B cookies it will be able to set whatever value you need by processing the correct post message   You should prevent other unwanted senders to send messages to you  that is up to you and the mechanism you decide to use to prevent that from happening

User · Answer

Here is what I ve used   Note  this cookie is passed in the open  http  and is therefore insecure   I don t use it for anything which requires security   Site A generates a token and passes as a URL parameter to site B  Site B takes the token and sets it as a session cookie   You could probably add encryption signatures to make this secure   Do your research on how to do that correctly

User · Answer

In case you have a my-company com and b my-company com instead of just a com and b com you can issue a cookie for  my-company com domain - it will be accepted and sent to both of the domains

User · Answer

see RFC6265      The user agent will reject cookies unless the Domain attribute   specifies a scope for the cookie that would include the origin   server   For example  the user agent will accept a cookie with a   Domain attribute of  example com  or of  foo example com  from   foo example com  but the user agent will not accept a cookie with a   Domain attribute of  bar example com  or of  baz foo example com        NOTE  For security reasons  many user agents are configured to reject   Domain attributes that correspond to  public suffixes    For example    some user agents will reject Domain attributes of  com  or  co uk      See Section 5 3 for more information        But the above mentioned workaround with image iframe works  though it s not recommended due to its insecurity

User · Answer

You cannot set cookies for another domain  Allowing this would present an enormous security flaw   You need to get b com to set the cookie  If a com redirect the user to b com setcookie php c value  The setcookie script could contain the following to set the cookie and redirect to the correct page on b com   lt  php     setcookie  a     GET  c         header  Location  b com landingpage php      gt

User · Answer

Similar to the top answer  but instead of redirecting to the page and back again which will cause a bad user experience you can set an image on domain A     lt img src  http   www example com cookie php val 123  style  display none   gt    And then on domain B that is example com in cookie php you ll have the following code     lt  php     setcookie  a     GET  val       gt    Hattip to Subin

User · Answer

Send a POST request from A  Post requests are on the serverside only and can t be accessed by the client   You can send a POST request from a com to b com using CURL  recommended  serverside  or a hidden method  POST  form  clientside   If you go for the latter  you might want to obfuscate your JavaScript so that the user won t be able to understand the algorithm and interfere with it   Make a gateway on b com to set cookies    lt  php     if  isset   POST  data              setcookie  a     POST  data             header  Location  b com landingpage            gt    If you want to bring security a step further  implement a function on both sides  a com and b com  to encrypt  on a com  and decrypt  on b com  data using a cryptographic cypher   If you re trying to do something that must be absolutely secure  e g  transfer a login session  try oAuth or take some inspiration from https   api cloudianos com docs v2 auth

User · Answer

You can t  at least not directly  That would be a nasty security risk   While you can specify a Domain attribute  the specification says  The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server    Since the origin server is a com and that does not include b com  it can t be set   You would need to get b com to set the cookie instead  You could do this via  for example  HTTP redirects to b com and back

User · Answer

Probaly you can use Iframe for this  Facebook probably uses this technique  You can read more on this here  Stackoverflow uses similar technique  but with HTML5 local storage  more on this on their blog

User · Answer

Setting cookies for another domain is not possible    If you want to pass data to another domain  you can encode this into the url   a com  - gt   b com redirect info some info  and set cookie  - gt  b com other page

User · Answer

In this link  we will find the solution Link   setcookie  TestCookie       time   - 3600     rasmus     b com   1

[javascript] How to set a cookie for another domain

Examples related to javascript

Examples related to cookies

Examples related to redirect