发表新帖
发表新帖

How to set a cookie for another domain

后端 未结
关注
11 1780
一向
一向 2020-11-22 07:21

Say I have a website called a.com, and when a specific page of this site is loaded, say page link, I like to set a cookie for another site called b.com

相关标签:
11条回答
  • 醉梦人生
    2020-11-22 07:31

    In this link, we will find the solution Link.

    setcookie("TestCookie", "", time() - 3600, "/~rasmus/", "b.com", 1);
    0 讨论(0)
  • 忘了有多久
    2020-11-22 07:35

    You cannot set cookies for another domain. Allowing this would present an enormous security flaw.

    You need to get b.com to set the cookie. If a.com redirect the user to b.com/setcookie.php?c=value

    The setcookie script could contain the following to set the cookie and redirect to the correct page on b.com

    <?php
    setcookie('a', $_GET['c']);
    header("Location: b.com/landingpage.php");
?>
    0 讨论(0)
  • 滥情空心
    2020-11-22 07:42

    see RFC6265:

    The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".

    NOTE: For security reasons, many user agents are configured to reject Domain attributes that correspond to "public suffixes". For example, some user agents will reject Domain attributes of "com" or "co.uk". (See Section 5.3 for more information.)

    But the above mentioned workaround with image/iframe works, though it's not recommended due to its insecurity.

    0 讨论(0)
  • 轻奢々
    2020-11-22 07:43

    Probaly you can use Iframe for this. Facebook probably uses this technique. You can read more on this here. Stackoverflow uses similar technique, but with HTML5 local storage, more on this on their blog

    0 讨论(0)
  • 离开以前
    2020-11-22 07:46

    Similar to the top answer, but instead of redirecting to the page and back again which will cause a bad user experience you can set an image on domain A. 

    <img src="http://www.example.com/cookie.php?val=123" style="display:none;">

    And then on domain B that is example.com in cookie.php you'll have the following code: 

    <?php
    setcookie('a', $_GET['val']);
?>

    Hattip to Subin

    0 讨论(0)
  • 独厮守ぢ
    2020-11-22 07:46

    Send a POST request from A. Post requests are on the serverside only and can't be accessed by the client.

    You can send a POST request from a.com to b.com using CURL (recommended, serverside) or a hidden method="POST" form (clientside). If you go for the latter, you might want to obfuscate your JavaScript so that the user won't be able to understand the algorithm and interfere with it.

    Make a gateway on b.com to set cookies:

    <?php
    if (isset($_POST['data']) {
        setcookie('a', $_POST['data']);
        header("Location: b.com/landingpage");
    }
?>

    If you want to bring security a step further, implement a function on both sides (a.com and b.com) to encrypt (on a.com) and decrypt (on b.com) data using a cryptographic cypher.

    If you're trying to do something that must be absolutely secure (e.g. transfer a login session) try oAuth or take some inspiration from https://api.cloudianos.com/docs#v2/auth

    0 讨论(0)
 看不清?
提交回复
热议问题