PHP read a cookie that is on another domain

views:

answers:

+1 Q:

PHP read a cookie that is on another domain

Hello,

I have two domains. One domain contains the login script. It creates a cookie when logged in. Another domain have a URL shortener.

So, on the 2nd domain that have the URL Shortener script have a file called session.php. Usually I was using $_COOKIE['sessionid'] to get the session id and match it using database.

How can I get the session id now? I have tried few ways but none of them have solve my problem.

Thank you, pnm123

Cookies are sent by the browser and only to the domain, the cookies were set for.

There is not much (meaning nothing ;) ) you can do.

But if your domains are two different subdomains (e.g. login.yourdomain.com and shortener.yourdomain.com) you just have to set the domain name accordingly to make the cookie valid for all subdomains.
In this case, it would be .yourdomain.com.

You might want to read the documentation of setcookie().

Maybe it is better if you clearly describe what you want to accomplish. Probably there is another solution that does not involve cookies.

Felix Kling 2010-05-27 09:39:23

Isn't there any way to call it back. Like adding a file on 1st domain and call it from the 2nd domain?

pnm123 2010-05-27 09:41:46

@pnm123: What do you mean with *adding a file*?

Felix Kling 2010-05-27 09:42:56

“Not much” is not nothing. ;-)

Gumbo 2010-05-27 09:43:29

@Felix Kling: like call_cookie.php. Actually, I have tried this. I mean using $_COOKIE['....'] on call_cookie.php and call it using file_get_contents() but it didn't work.

pnm123 2010-05-27 09:45:10

@Felix Kling: I am currently using .domain.com cookies all around my site.

pnm123 2010-05-27 09:48:10

behaviour of wildcard domains varies by browser - some (e.g. MSIE) let you pick your own policy

symcbean 2010-05-27 11:57:34

@symcbean: Maybe, I am only referring to the documentation: *To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers.*

Felix Kling 2010-05-27 12:02:27

+1 A:

For obvious security reasons, you can't read a cookie that belongs to another domain. You can do it across sub-domains though.

Why not append the session id to the forwarded URL?

Andy E 2010-05-27 09:40:30

What do you mean by 'append it to the URL'?

pnm123 2010-05-27 09:41:05

@pnm123: as part of the query string: `http://mysite.com/page.php?sid=A12638BCEF2733`

Andy E 2010-05-27 09:53:06

You can't read a cookie from the other domain.
though there are several ways to pass a session id. You can search SO for the cross-domain authorization

The easiest way is to pass a session id via query string

Col. Shrapnel 2010-05-27 09:40:41

You can't. Cookies are bound to a single domain. You can use cookies across multiple subdomains though.

halfdan 2010-05-27 09:40:54

+2 A:

Have you considered using a SSO implementation?

http://www.jasig.org/cas

http://en.wikipedia.org/wiki/Single_sign-on

We use it at work, it's awesome! It means we don't have to worry about these types of problems.

Jamie 2010-05-27 09:42:46

ansaurus

tags:

views:

answers:

PHP read a cookie that is on another domain

related questions