Cookies being referenced in a second domain

This topic is closed.
  • Katherine Hall

    Cookies being referenced in a second domain

    I am trying to use a single cookie in two domains. One sets it (and uses
    it), the other uses it. I am trying to use setcookie and set the second
    domain name as the valid domain, but it doesn't seem to be working:


  • Katherine Hall

    #2
    Cookies being referenced in a second domain

    Try again...

    I am trying to use a single cookie in two domains. One sets it (and uses
    it), the other uses it. I am trying to use setcookie and set the second
    domain name as the valid domain, but it doesn't seem to be working:

    setcookie('photographs', 'true', time()+3600,'/', 'example.servehttp.com',
    0);

    The first domain is on a linux box, the second is on a pc, if that is
    relevant.

    Thanks



    • Alvaro G. Vicario

      #3
      Re: Cookies being referenced in a second domain

      *** Katherine Hall escribió/wrote (Tue, 25 Jan 2005 14:35:22 -0500):
      > setcookie('photographs', 'true', time()+3600,'/', 'example.servehttp.com',
      > 0);
      >
      > The first domain is on a linux box, the second is on a pc, if that is
      > relevant.

      Some browsers allow users to block cookies from third parties (domain foo
      sets cookie for domain bar). First of all make sure it's not the case.


      --
      -+ Álvaro G. Vicario - Burgos, Spain
      +- http://www.demogracia.com (the humor website varnished for the outdoors)
      -+ Send your questions to the group, not to my mailbox
      --


      • Matthias Esken

        #4
        Re: Cookies being referenced in a second domain

        Katherine Hall wrote:
        > I am trying to use a single cookie in two domains. One sets it (and uses
        > it), the other uses it. I am trying to use setcookie and set the second
        > domain name as the valid domain, but it doesn't seem to be working:

        That's correct and it's designed not to work this way. Look at RFC2965:

        -------------------------------------8<-------------------------------------
        3.3.2 Rejecting Cookies

        To prevent possible security or privacy violations, a user agent
        rejects a cookie according to rules below. The goal of the rules is
        to try to limit the set of servers for which a cookie is valid, based
        on the values of the Path, Domain, and Port attributes and the
        request-URI, request-host and request-port.

        A user agent rejects (SHALL NOT store its information) if the Version
        attribute is missing. Moreover, a user agent rejects (SHALL NOT
        store its information) if any of the following is true of the
        attributes explicitly present in the Set-Cookie2 response header:

        * The value for the Path attribute is not a prefix of the
          request-URI.

        * The value for the Domain attribute contains no embedded dots,
          and the value is not .local.

        * The effective host name that derives from the request-host does
          not domain-match the Domain attribute.

        [...]
        -------------------------------------8<-------------------------------------

        Have a look at http://www.faqs.org/rfcs/rfc2965.html and the examples
        for 3.3.2.

        Regards,
        Matthias
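
Added example (not part of the thread, and not code from PHP or any browser): the three rejection rules quoted above from RFC 2965 section 3.3.2, written in Python with that RFC's definitions of "effective host name" and "domain-match". The host name www.first-site.example is a constructed placeholder for the unnamed first domain, and the check assumes host names rather than IP addresses.

```python
# Added example: the three RFC 2965 3.3.2 rejection rules quoted in the post above.
# Assumption: request hosts are host domain names, not IP addresses.

PATH_REASON = "Path is not a prefix of the request-URI"
DOTS_REASON = "Domain contains no embedded dots and is not .local"
MATCH_REASON = "request-host does not domain-match Domain"


def effective_host(request_host):
    """RFC 2965: a host name without dots gets '.local' appended."""
    host = request_host.lower()
    return host if "." in host else host + ".local"


def domain_match(host, domain):
    """True if the strings are equal, or host is N + domain where N is a
    non-empty name and domain starts with a dot."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return (domain.startswith(".")
            and host.endswith(domain)
            and len(host) > len(domain))


def rejection_reasons(request_host, request_path,
                      cookie_domain=None, cookie_path=None):
    """Return the quoted rules that the cookie attributes violate.
    An empty list means none of the three rules rejects the cookie."""
    reasons = []
    if cookie_path is not None and not request_path.startswith(cookie_path):
        reasons.append(PATH_REASON)
    if cookie_domain is not None:
        domain = cookie_domain.lower()
        if not domain.startswith("."):
            domain = "." + domain  # RFC 2965: the user agent supplies a leading dot
        if "." not in domain.strip(".") and domain != ".local":
            reasons.append(DOTS_REASON)
        if not domain_match(effective_host(request_host), domain):
            reasons.append(MATCH_REASON)
    return reasons


if __name__ == "__main__":
    # The case from the question: one site names a different site in Domain.
    print(rejection_reasons("www.first-site.example", "/",
                            "example.servehttp.com", "/"))
```

Run against the question's case, the only rule that fires is the domain-match one: a response from the first site cannot name the second site in the Domain attribute.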
