1

everyone

I have two websites, www.web1.com and www.web2.com. I want to write a cookie in web1 and have it written to web2 via Response.Redirect. If it works, I want to implement a simple SSO through this approach. However, I can't read the cookie in web2. Could somebody help me find out whether there's something wrong with my code, or whether cookies can't be shared across domains this way? Thanks :)

Here's the code:

In www.web1.com/Default.aspx:

protected void Page_Load(object sender, EventArgs e)
{
    HttpCookie ck = new HttpCookie("userid", "00000001");

    ck.Expires = DateTime.Now.AddDays(1);

    ck.Domain = ".web2.com";

    Response.Cookies.Add(ck);

    Response.Redirect("http://www.web2.com/Default.aspx");
}

And the code in www.web2.com/Default.aspx:

protected void Page_Load(object sender, EventArgs e)
{
    if (Request.Cookies["userid"] != null)
    {
        lbCookie.Text = Request.Cookies["userid"].Value;
    }
    else
    {
        lbCookie.Text = "No Cookies";
    }
}
purplewill
  • Have you looked at the answers (especially @aleemb's answer) to this question? http://stackoverflow.com/questions/939268/cross-domain-cookie-access-or-session?rq=1 – Kane Jun 14 '12 at 03:34
  • Find this article: `http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic` – JayOnDotNet Jun 14 '12 at 04:36
  • @Jaya Prakash Rokkam, yes, I have read the article you mentioned, and what I've done here exactly follows the method "A very basic Cross Domain SSO implementation model" in this article. However, it seems that transferring the cookie by redirect didn't work in my code :( – purplewill Jun 14 '12 at 05:51

1 Answer

3

Don't bother setting cross-domain cookies, they will be blocked in most cases in all modern browsers.

Use pure HTTP GET with parameters and server-side encryption to do a cross-domain SSO.

For example, on page www.web1.com/Default.aspx you can add a hidden IFrame to some special page www.web2.com/sso.aspx?userid=<encrypted,timestamped userid> which in turn would set the cookie on web2.com.

rustyx
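One way to produce and check the "encrypted, timestamped userid" parameter from the answer above, as an added example that is not code from the original post or its answerer. It assumes .NET Framework 4.5+ and that both sites have the same `<machineKey>` keys in web.config; the class name `SsoToken`, the purpose string and the two-minute lifetime are hypothetical choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper deployed on both sites (not from the original post).
public static class SsoToken
{
    // Purpose string (assumed name) binds the protected bytes to this one use.
    private const string Purpose = "cross-domain-sso-v1";
    private static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(2);   // assumed lifetime
    private static readonly TimeSpan MaxSkew = TimeSpan.FromSeconds(30); // clock-skew allowance

    // web1: builds the value for www.web2.com/sso.aspx?userid=<token>.
    public static string Create(string userId, DateTime utcNow)
    {
        string payload = utcNow.Ticks + "|" + userId;
        // MachineKey.Protect encrypts and signs using the configured machineKey.
        byte[] sealedBytes = MachineKey.Protect(Encoding.UTF8.GetBytes(payload), Purpose);
        return HttpServerUtility.UrlTokenEncode(sealedBytes); // URL-safe base64
    }

    // web2 (sso.aspx): false for malformed, tampered or expired tokens.
    // Only set the local "userid" cookie when this returns true.
    public static bool TryValidate(string token, DateTime utcNow, out string userId)
    {
        userId = null;
        if (string.IsNullOrEmpty(token)) return false;
        try
        {
            byte[] raw = HttpServerUtility.UrlTokenDecode(token);
            if (raw == null) return false;
            string payload = Encoding.UTF8.GetString(MachineKey.Unprotect(raw, Purpose));
            int sep = payload.IndexOf('|');
            long ticks;
            if (sep < 1 || !long.TryParse(payload.Substring(0, sep), out ticks)) return false;
            TimeSpan age = utcNow - new DateTime(ticks, DateTimeKind.Utc);
            if (age < -MaxSkew || age > MaxAge) return false; // stale or future-dated
            string id = payload.Substring(sep + 1);
            if (id.Length == 0) return false;
            userId = id;
            return true;
        }
        catch (FormatException) { return false; }        // not valid base64
        catch (ArgumentException) { return false; }      // ticks outside DateTime range
        catch (CryptographicException) { return false; } // wrong key or modified token
    }
}
```

A token carried in a GET URL can end up in server logs and browser history, and the timestamp only narrows the replay window rather than closing it. Serve both pages over HTTPS and keep the lifetime short.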