Let's say I have localhost and localhost2 both pointing to 127.0.0.1

In //localhost/test/test.cfm (\wwwroot\test\test.cfm):

<cfset session.name="HAHA">
<cfcookie domain=".localhost2" name="CFID" value="#session.cfid#">
<cfcookie domain=".localhost2" name="CFTOKEN" value="#session.cftoken#">
<cflocation url="//localhost2/test/test2.cfm" addtoken="false">

In //localhost2/test/test2.cfm (\wwwroot\test\test2.cfm):

<cfdump var="#session#">

I expected //localhost2/test/test2.cfm to show session.name = "HAHA", but it generates a new session instead. Why? Is it because I cannot set a .localhost2 cookie from localhost?

Thanks!

+3  A: 

Sessions can cross domains, but cookies cannot. (Subdomains, as you have discovered, are a bit different.) abc.com does not have access to xyz.com's cookies for security reasons. However, CF itself does not care what domain name you are using.

So, if you had a link which did not pass the cfid and cftoken in the URL, the session would be lost. However, if you passed the id and token in the link (or in the cflocation, etc.), the session would still be live.

Ben Doom
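
The browser-side rule behind this answer, as an added example that is not part of the original question or answer: a simplified JavaScript model of the RFC 6265 Domain checks, replaying the question's cookies. The function names and the CFID/CFTOKEN values are constructed for illustration, the host-only session cookie is an assumed default, and public-suffix rejection is not modelled.

```javascript
// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // Suffix matching applies to host names only, never to IP addresses.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// RFC 6265 section 5.3: decide whether a Set-Cookie received from
// `requestHost` is stored. Returns null when the browser ignores it.
function storeCookie(requestHost, name, value, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to this exact host.
    return { name, value, domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  if (!domainMatches(requestHost, domain)) return null; // foreign domain: ignored
  return { name, value, domain, hostOnly: false };
}

// RFC 6265 section 5.4: which stored cookies accompany a request to `host`?
function cookiesFor(host, jar) {
  return jar.filter(c =>
    c.hostOnly ? c.domain === host.toLowerCase() : domainMatches(host, c.domain)
  );
}

// Replays test.cfm served from "localhost" (constructed cookie values).
function replayQuestion() {
  const jar = [
    storeCookie("localhost", "CFID", "1234", ""),               // assumed host-only session cookie
    storeCookie("localhost", "CFID", "1234", ".localhost2"),    // the question's first <cfcookie>
    storeCookie("localhost", "CFTOKEN", "abcd", ".localhost2"), // the question's second <cfcookie>
  ].filter(Boolean);
  return {
    stored: jar.length,
    sentToLocalhost: cookiesFor("localhost", jar).length,
    sentToLocalhost2: cookiesFor("localhost2", jar).length,
  };
}
```

Both `.localhost2` cookies are dropped at storage time, so the request to localhost2 arrives with no CFID or CFTOKEN and ColdFusion starts a new session.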