[nycphp-talk] How to setcookie with two domains
Michael Sims
jellicle at inch.com
Mon Oct 14 18:28:30 EDT 2002
On Monday 14 October 2002 18:00 pm, Phil Powell wrote:
> That I figured.. which leads to a dilemma:
>
> I can set cookies to *.domain1.com, however, I am having to also set a
> cookie value, the same cookie value, to a few remote scripts on
> *.domain2.com, and since setcookie can't be used twice (I tried doing
> that and only *.domain1.com was set, *.domain2.com was not), I don't
> know of an easy solution to set the values of both domains in at least
> one script?
Setcookie() can be used more than once. The reason it isn't working is
that it's a security violation for the website domain1.com to be able to
modify cookies for domain2.com, and the web browser is refusing
(correctly) to store the cookies for domain2 that you are sending.
See the cookie RFC, section 4.3.2:
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html
This RFC does not accurately express the current state of cookie-handling
in browsers (because it didn't consider country code TLD's), but, eh,
close enough.
You can still transfer information to domain2.com by loading URLs:
http://domain2.com/script.php?yourvariable=value
and domain2.com could then set its own cookies.
--
Michael Sims
More information about the talk
mailing list