Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Cookie Domain

by Adam (Vicar)
on Jun 20, 2000 at 02:25 UTC ( [id://18895]=perlquestion: print w/replies, xml ) Need Help??

Adam has asked for the wisdom of the Perl Monks concerning the following question:

Not really a perl question so much as it is a CGI question:

Is there a way to give a cookie two domains? In other words, two sites working coopertively to read and write a cookie, but no other sites should read it? Thanks.

Replies are listed 'Best First'.
Re: Cookie Domain
by Ovid (Cardinal) on Jun 20, 2000 at 03:02 UTC
    In theory, this is not possible. You can read about RFC2109 to get the technical specifications on what cookies can and cannot do.

    The best you can do is set the cookie domain name as something like Domain=.mysite.com. This will allow www.mysite.com or abc.mysite.com to retrieve the cookie. Note that in both cases the domain name must be the same (which I assume that you do not want).

    You can also use an IP address for a domain name. If different domains share the same IP address, you should be able to use the IP address as the domain on the cookie.

    But then what happens if you need to move a site to a different IP address or change your IP address? Probably not a good solution.

Re: Cookie Domain
by chromatic (Archbishop) on Jun 20, 2000 at 02:45 UTC
    Only if the two sites share the same domain. (Or if you're using Internet Explorer, though that doesn't fulfill the second part of your question. It's a security hole.)

    You can set domain=.myserver.com and it should be accessible to foo.myserver.com and bar.myserver.com, at least according to Cookie Central.

Re: Cookie Domain
by httptech (Chaplain) on Jun 20, 2000 at 05:25 UTC
    Well, I can think of one kludgy way it could be done theoretically... Say on mysite.com you have a page with an image loaded from myothersite.com. Only the image coming from myothersite.com is actually a CGI script that reads the cookie for myothersite.com, and with some clever backend communication, sends the cookie data to mysite.com. Of course, this wouldn't work if the person enabled the "Accept only cookies that get sent back to the originating server" option in Netscape. So considering it may not be very reliable to do it this way, I would just find a non-cookie solution for whatever you are doing.
      How about using a session id in the get string. The two server needs just share the session id afterwards.
Re: Cookie Domain
by BigJoe (Curate) on Jun 20, 2000 at 02:46 UTC
    Well if your users are using IE 5 you can read any cookie from any site. If that helps. But other than that I don't think that can happen.

    --BigJoe
RE: Cookie Domain
by Anonymous Monk on Jun 20, 2000 at 16:42 UTC
    No, they'd need to share a domain. You might be able to work some magic with your banner server which you'd place in the shared domain and have it duplicate the contents of one domain's cookie into the the other domain's cookie, but you'd have to make sure that the page that *referenced* the banner server didn't need an up to date cookie.
RE: Cookie Domain
by Adam (Vicar) on Jun 20, 2000 at 04:24 UTC
    Thanks guys. Your answers confirmed my fears.

    And yes I meant two different domains, like MySite.com and MyOtherSite.com, oh well. Thanks again.

Re: Cookie Domain
by Anonymous Monk on Jun 20, 2000 at 19:57 UTC
    you could try doing this, though its kinda clunky. use two cookies. identical except for the domain name. either domain will be able to read one of the cookies. and whenever you write the cookie, write both cookies, updating both of them. i think it'll work.
RE: Cookie Domain
by Anonymous Monk on Jun 20, 2000 at 08:52 UTC
    nope

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://18895]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (2)
As of 2024-07-20 10:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?
    erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.