I have a cookie generated on a domain www.foo.bar that I need to share with another website located on www.something.com.bar.
Both sites are hosted on the same server.
Can I do that, and if yes, how?
Thanks.
No, you cannot share cookies across domains. The browser will only send a cookie to the domain (or sub-domains there of) that initially set it.
Read up on the Same origin policy / Cookie policy
Related
I have two different web applications: one is hosted on example.com and the other one is hosted on subdomain.example.com. I want to do so that if user enters one of them for the first time, a cookies banner appears and cookie preferences become same for both applications. In other words, I'd like to share cookies between example.com and subdomain.example.com and viceversa. I know that it should be possible to share cookies with websites hosted on subdomains. But the possibility of sharing cookies with the root domain from subdomain is still not clear to me.
So if users enters subdomain.example.com, can its cookies be sent to example.com? And viceversa?
i have an asp.net website http://www.site.com. This web app is also running on http://subdomain1.site.com and http://subdomain2.site.com. Now i want to set authentication cookie in such a way that http://site.comand http://www.site.comshare authentication cookie but it should not be shared by http://subdomain1.site.com. similarly, http://www.domain1.site.com and http://domain1.site.com should share cookie but it should not be shared by http://domain2.site.com or http://www.domain2.site.com. How can i handle this with asp.net?
By default, cookies are associated with a specific domain. For example, if your site is www.contoso.com, the cookies you write are sent to the server when users request any page from that site. (This might not include cookies with a specific path value.) If your site has subdomains—for example, contoso.com, sales.contoso.com, and support.contoso.com—then you can associate cookies with a specific subdomain.
Response.Cookies["domain"].Domain = "support.contoso.com";
Normally a cookie set on contoso.com will be accessed by all subdomain. but if you want to limit sub domain for the cookie you should manually set domain property for each domain you want them to access.
Regards.
I ended up using different cookie names on different domains as described in this article
Is there a way to share cookies across different domains and different applications (classic ASP and ASP.NET)
No, there isn't.
The issue is the cross domain one, rather than the asp.net/classic asp and is security reasons.
If the domains are subdomains you can share the cookies, provided you use a cookie path that both can access (ie. for the domain sub.example.com you can read and write cookies using the example.com domain).
You can share cookies via some behind the scenes communication between servers, or through querystrings.
Both are ill advised, unless the information in the cookies is harmless (but be aware that harmless looking data quite often isn't actually harmless).
Native support for accessing cookies is not possible cross domain, and probably will never be for security reasons.
you can use cookie convertor which save all the cookies in the share database and try to recreate them again.
I have one dome name. www.abc.com
and i want to speedup all images an d static content from cookies domain.
what i require to do with that?
i want to create new sub domain with name static.abc.com but that time also cookie coming with both domain.
i am user dotnet panel for hosting.
technology is .net
There are two ways to accomplish this. You could set the cookie for FQDN (fully-qualified domain name) of www.abc.com, but this would restrict the cookies to just www.abc.com. This may be stricter than you want.
The more common solution it to register a completely separate domain for cookieless hosting. This is used by many websites already.
Google uses gstatic.com
Facebook uses twimg.com (I think)
Yahoo uses yimg.com (I think)
EBay uses ebaystatic.com
etc.
When you create a cookie, set it's Domain property to ".abc.com", that way the cookie will be shared by both the www.abc.com and static.abc.com subdomains.
I've been reading some posts about web performance, one of the points is to
serve static content from a cookie-free domain, my question is:
Can I share cookies between, let's say example.com and www.example.com, while excluding static1.example.com, static2.example.com, etc?
Or do I need to set a different top level domain?
I know (or I think) that I could set the domain of the cookie to '.example.com', but
correct me if I'm wrong this shares the cookies across all sub-domains.
If you need to share cookies across subdomains you need to scope the cookie at the domain level (e.g. .example.com). When you do that the cookie is available to all the subdomains of .example.com.
For a cookie free static content domain, it is usually a separate domain (e.g. example_staticstuff.com). There is a default two connection limit per domain in HTTP 1.1, so having separate domains often helps speed up simultaneous downloads.
Your assumptions are correct :-)
You would have to set a cookie for each sub-domain you want to authorize with the full host-name. This creates additional HTTP header overhead and would be a maintenance nightmare :[