[nycphp-talk] How to setcookie with two domains
Phil Powell
soazine at erols.com
Mon Oct 14 18:49:53 EDT 2002
yep just as I figured.. which would be a breeze were it not for the wacky
requirements of dealing with ASP, TCL, PHP and HTML files that are all
affected by this query string addition. *sigh*
Phil
----- Original Message -----
From: "Michael Sims" <jellicle at inch.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Monday, October 14, 2002 6:29 PM
Subject: Re: [nycphp-talk] How to setcookie with two domains
> On Monday 14 October 2002 18:00 pm, Phil Powell wrote:
>
> > That I figured.. which leads to a dilemma:
> >
> > I can set cookies to *.domain1.com, however, I am having to also set a
> > cookie value, the same cookie value, to a few remote scripts on
> > *.domain2.com, and since setcookie can't be used twice (I tried doing
> > that and only *.domain1.com was set, *.domain2.com was not), I don't
> > know of an easy solution to set the values of both domains in at least
> > one script?
>
> Setcookie() can be used more than once. The reason it isn't working is
> that it's a security violation for the website domain1.com to be able to
> modify cookies for domain2.com, and the web browser is refusing
> (correctly) to store the cookies for domain2 that you are sending.
>
> See the cookie RFC, section 4.3.2:
>
> http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html
>
> This RFC does not accurately express the current state of cookie-handling
> in browsers (because it didn't consider country code TLD's), but, eh,
> close enough.
>
> You can still transfer information to domain2.com by loading URLs:
>
> http://domain2.com/script.php?yourvariable=value
>
> and domain2.com could then set its own cookies.
>
>
> --
> Michael Sims
>
>
> --- Unsubscribe at http://nyphp.org/list ---
>
>
More information about the talk
mailing list