0

I have 2 sub-domains: 'secure' and 'downloads' of the same domain: "10.0.50.18".

on 'downloads' I set a cookie using jQuery like this: 

$.cookie("width", w, {domain: "10.0.50.18"});

on 'secure', i am trying to read that cookie like this:

$width = $_COOKIE["width"];

yet it is not working.

can anyone help please? Thank you!

yogev
  • 159
  • 9

3 Answers3

2

Cookies wont work across subdomains unless you specify when creating the cookie. You will need to do something like this:

$.cookie("width", w, {domain: ".mydomain.com"});

This will allow all sub domains of mydomain.com to share the cookie.

haxtbh
  • 3,467
  • 1
  • 21
  • 22
  • 1
    Well put. I'd add that if your "secure" subdomain is a different protocol (https instead of http, for example), you still might run into issues. You can can read http cookies from https, but not the other way around. – Malcolm Diggs Oct 01 '14 at 11:56
  • Thanks, but if you look at my question, this is exactly what i said I was doing already... – yogev Oct 01 '14 at 12:04
  • Its not the same as what you are doing. You are putting a IP address in the domain part. This just will not work. Cookies work with domain hosts. Please note the . before the domain name, this allows for subdomains. – haxtbh Oct 01 '14 at 12:43
  • so if the full addresses for my site is: https://10.0.50.18/secure/welcome.php and https://10.0.50.18/downloads/games.html, what should i pass the cookie? ".download"? – yogev Oct 05 '14 at 09:04
0

Sorry it is impossible to use cookies from different domains the way you are trying. some interesting proposals of solutions you can read here Cross-Domain Cookies

Community
  • 1
  • 1
R A
  • 827
  • 13
  • 25
0

You can set a cookie to an IP address, you just cannot use wildcards with it. 

domain .10.0.50.18 is not valid
domain 10.0.50.18 is valid

IP addresses do not easily follow organizational boundaries in the way DNS domains do. An IP address with a number one less or one greater than the IP address of the web server may not necessarily reside in the same organization. For security reasons any form of wild-carding of IP addresses in the domain attribute of a cookie is not permitted. This effectively removes the usefulness of the domain attribute for any form of IP address.

From http://www.ietf.org/rfc/rfc2109.txt

Fully-qualified host name (FQHN) means either the fully-qualified domain name (FQDN) of a host (i.e., a completely specified domain name ending in a top-level domain such as .com or .uk), or the numeric Internet Protocol (IP) address of a host. The fully qualified domain name is preferred; use of numeric IP addresses is strongly discouraged.

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
  • Thanks for the answer. Only thing is, I wasn't using .10.0.50.18 but 10.0.50.18, which you said was suppose to be fine - yet it does not work... what if my FQHN is: https://10.0.50.18/secure/welcome.php what should i pass as the domain for the $.cookie() method? – yogev Oct 01 '14 at 14:25
  • Your FQDN is not the IP address - it is your actual domain name. – Jay Blanchard Oct 01 '14 at 14:31
  • With an IP how do you expect to address a sub-domain @yogev? – Jay Blanchard Oct 01 '14 at 16:21