Cookie Domain

Adam has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: Cookie Domain by Ovid (Cardinal) on Jun 20, 2000 at 03:02 UTC
In theory, this is not possible. You can read about RFC2109 to get the technical specifications on what cookies can and cannot do. The best you can do is set the cookie domain name as something like `Domain=.mysite.com`. This will allow `www.mysite.com` or `abc.mysite.com` to retrieve the cookie. Note that in both cases the domain name must be the same (which I assume that you do not want). You can also use an IP address for a domain name. If different domains share the same IP address, you should be able to use the IP address as the domain on the cookie. But then what happens if you need to move a site to a different IP address or change your IP address? Probably not a good solution.	[reply]
Re: Cookie Domain by chromatic (Archbishop) on Jun 20, 2000 at 02:45 UTC
Only if the two sites share the same domain. (Or if you're using Internet Explorer, though that doesn't fulfill the second part of your question. It's a security hole.) You can set domain=.myserver.com and it should be accessible to foo.myserver.com and bar.myserver.com, at least according to Cookie Central.	[reply]
Re: Cookie Domain by httptech (Chaplain) on Jun 20, 2000 at 05:25 UTC
Well, I can think of one kludgy way it could be done theoretically... Say on mysite.com you have a page with an image loaded from myothersite.com. Only the image coming from myothersite.com is actually a CGI script that reads the cookie for myothersite.com, and with some clever backend communication, sends the cookie data to mysite.com. Of course, this wouldn't work if the person enabled the "Accept only cookies that get sent back to the originating server" option in Netscape. So considering it may not be very reliable to do it this way, I would just find a non-cookie solution for whatever you are doing.	[reply]
RE: Re: Cookie Domain by JanneVee (Friar) on Jun 20, 2000 at 13:44 UTC
How about using a session id in the get string. The two server needs just share the session id afterwards.	[reply]
Re: Cookie Domain by BigJoe (Curate) on Jun 20, 2000 at 02:46 UTC
Well if your users are using IE 5 you can read any cookie from any site. If that helps. But other than that I don't think that can happen. --BigJoe	[reply]
RE: Cookie Domain by Anonymous Monk on Jun 20, 2000 at 16:42 UTC
No, they'd need to share a domain. You might be able to work some magic with your banner server which you'd place in the shared domain and have it duplicate the contents of one domain's cookie into the the other domain's cookie, but you'd have to make sure that the page that referenced the banner server didn't need an up to date cookie.	[reply]
RE: Cookie Domain by Adam (Vicar) on Jun 20, 2000 at 04:24 UTC
Thanks guys. Your answers confirmed my fears. And yes I meant two different domains, like MySite.com and MyOtherSite.com, oh well. Thanks again.	[reply]
Re: Cookie Domain by Anonymous Monk on Jun 20, 2000 at 19:57 UTC
you could try doing this, though its kinda clunky. use two cookies. identical except for the domain name. either domain will be able to read one of the cookies. and whenever you write the cookie, write both cookies, updating both of them. i think it'll work.	[reply]
RE: Cookie Domain by Anonymous Monk on Jun 20, 2000 at 08:52 UTC
nope	[reply]


Your skill will accomplish what the force of many cannot
	PerlMonks