tags:

views:

67

answers:

3
+1  Q: 

Cross-Domain Cookies

I am trying to have two webapps such as WebApp1 and WebApp2.

  1. I am setting one cookie in WebApp1 in the HttpResponse.
  2. How to read the same cookie from HttpRequest at WebApp2?

I know it sounds weired b'coz cookies are specific to websites, we cant access it from different webapp. But i heard of CROSS-DOMAIN cookies which can be shared across multiple webapps.How to implement this requirement using CROSS-DOMAIN cookies.

Please post your suggestions on this....

Note: I am trying this at J2ee webapps

A: 

There's no such thing as cross domain cookies. You could share a cookie between foo.example.com and bar.example.com but never between example.com and example2.com and that's for security reasons.

Darin Dimitrov  2010-07-27 09:15:49
Hi thanks for the reply, can u please add more clarity on configuration part, how to create/configure domain and subdomain in j2ee environment???
 2010-07-27 11:29:15
This is a question that is more adapted to http://serverfault.com where you will get answers from experts in the domain.
Darin Dimitrov  2010-07-27 11:36:24
Hi, I tried having two webapps WebApp.domain.com ==> here i add cookie in respose as follows:Cookie cookie = new Cookie("namedCookie","test");cookie.setDomain(".domain.com");response.addCookie(cookie);WebApp1.domain.com==>Here i tried to access the cookie as follows, but cant able to accessCookie[]cks = request.getCookies();for(int i=0;i<cks.length;i++){out.print("cookie found"+cks[i].getValue());}Any idea on this?
 2010-07-28 07:01:08
+1  A: 

You cannot share cookies across domains. You can however allow all subdomains to have access. To allow all subdomains of example.com to have access, set the domain to .example.com.

It's not possible giving otherexample.com access to example.com's cookies though.

Daniel Egeberg  2010-07-27 09:16:15
+1  A: 

As other people say, you cannot share cookies, but you could do something like this:

  1. centrilize all cokies in a single domain, let's say cookiemaker.com
  2. when the user makes a request to example.com you redirect him to cookimaker.com
  3. cookiemaker.com redirects him back to example.com with the information you need

Of course, it's not completelly secure, and you have to create some kind of internal protocol between your apps to do that.

Lastly, it would be very annoying for the user if you do something like that in every request, but not if it's just the first.

But I think there is no other way...

alcuadrado  2010-07-27 09:23:58

related questions

Which resolution to target for a Mobile App?
iPhone app that access the Core Location framework over web
Displaying version of underlying software in footer of web app?
How Did You Decide Between WISA and LAMP?
What strategies have you employed to improve web application performance?
What skills do you need for proper UI/Interaction/Functional design in Web Apps?
Storing logged in user details
How do you unit test web apps hosted remotely?
Broken chart images in Crystal Reports in web application
Best Way to Begin Learning Web Application Design
JRuby / Rack deployment
How to affordably release a Web App
Best practices for managing and deploying large javascript apps
Building Standalone Applications in JavaScript
iPhone web applications, templates, frameworks?
How do you stress test a web application?
RSS feeds from Gallery2
Recommendation for straight-forward python frameworks
Graphing JavaScript Library
What to use for login ID?
What's your opinion on using UUIDs as database row identifiers, particularly in web apps?
Implementing an online ordering system for a restaurant/cafe.
Web App Beta
What Hosting Service is best for Django applications?
How to make subdomain user accounts in a webapp