Passing cookie data between iframes

Question

Say I have a website, www.example.com, with a login box which sits in an iframe situated in api.example.com. My question is:

1. Is it possible to pass cookie data from the inner iframe (api.example.com to the website, so the website knows when the user logged in?
2. Is it possible to do this client-side, without the need to refresh the whole page? How would the fact that user logged in be passed to the website?

Any solution which works on FF and IE 6/7 would be great.

Answer 1

A cookie can be shared between two domains like api.example.com and www.example.com by having the server specify the cookie domain to be simply example.com. This makes the cookie available to both sub-domains.

FF3 and IE8 support then postMessage standard which allow windows(frames) in different domains to talk to each other. However for IE6/7 you would need an AJAX call to the server to get what ever login confirmation you need but tricky thing would be knowing how to trigger such a request.

Answer 2

You don't have to pass the cookie between them. You need to write the cookie to the right domain though.

Response.Cookies("COOKIENAME").Domain = ".example.com"
Response.Cookies("COOKIENAME").Value= "foo"