I understand that there are a number of ways/hacks to implement cross domain cookies such as iframe, redirects etc. I believe those methods are necessary when different app servers are serving each domain.

Now if both domains are served by the same app server, would there be an efficient and best practice method for handling these cookies? Could the app server in this case just keep track of the origin and determine which user each request is associated with, regardless of what target domain is being requested?

Any input would be greatly appreciated.

Bob

bob dabelina
  • Why do you want to have the same cookies on multiple domains? – Steve McKay Mar 01 '15 at 22:40
  • I want an anonymous user to be able to access both sites and share information between them. So I need my app server to be smart enough to understand if the user has already obtained a session cookie from site A if he is now on Site B. – bob dabelina Mar 02 '15 at 02:23

2 Answers

Cookies are how a server knows who's talking to it, so having both domains on the same server doesn't really help. When the request comes in, you have the source IP:port, user agent, cookies, and that's about it. IP isn't useful because of NAT (multiple users, one IP) and mobile (one user, multiple IPs--moving from cellular to wifi or vice versa). User agent has similar problems. The answers discussed in Cross-Domain Cookies are still the best options available.

Steve McKay
  • Understood. But is there no way the app server can keep track of all the cookies for both domains? After all, it is the same server issuing both. Also, the master-slave solution I have seen does almost the same, where a master server tracks all cookies. – bob dabelina Mar 02 '15 at 04:03
  • Sure, the app server can store the cookies, but it doesn't know who has what cookies without being told by the client. Having everything on one server doesn't make a real difference. Anything you could do with a single server, you could do with multiple servers sharing a database. – Steve McKay Mar 02 '15 at 13:31

Unfortunately, there's still no super-direct way to share user data across domains. I found that the iframe implementation was the most re-usable.

To this end, I created an NPM module to simplify cross-domain sharing. It gives you a function to produce an iframe with a whitelist of your domains, and get/set functions that let you access that iframe from any whitelisted domain.

https://www.npmjs.com/package/cookie-toss

Hope this helps!

jmealy
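The iframe approach described in the answer above depends on the hub page checking which site is talking to it. The following is an added sketch of that hub-side check, not code from the answer or from the cookie-toss package; the origins, the key name `anonSessionId`, and the functions `handleHubMessage` and `memoryStorage` are all hypothetical.

```javascript
// Added example: hub-side logic for an iframe that shares one value across sites.
// All names here are hypothetical; this is not the cookie-toss API.
const ALLOWED_ORIGINS = new Set([
  'https://site-a.example', // constructed sample origins
  'https://site-b.example',
]);
const ALLOWED_KEYS = new Set(['anonSessionId']); // only keys the hub agrees to share

// Pure handler: takes the message origin, the message data and a storage object
// with getItem/setItem. Returns the reply to post back, or null to drop the message.
function handleHubMessage(origin, data, storage) {
  // Exact match on the full origin (scheme + host + port). A substring or
  // prefix check would accept a look-alike host that merely starts the same way.
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  if (!data || typeof data !== 'object' || !ALLOWED_KEYS.has(data.key)) return null;
  if (data.op === 'get') {
    return { id: data.id, key: data.key, value: storage.getItem(data.key) };
  }
  if (data.op === 'set' && typeof data.value === 'string' && data.value.length <= 256) {
    storage.setItem(data.key, data.value);
    return { id: data.id, key: data.key, value: data.value };
  }
  return null; // unknown operation or malformed value
}

// Browser wiring; runs only when loaded inside the hub iframe.
if (typeof window !== 'undefined') {
  window.addEventListener('message', (event) => {
    const reply = handleHubMessage(event.origin, event.data, window.localStorage);
    // Reply to the verified origin only, never to '*'.
    if (reply) event.source.postMessage(reply, event.origin);
  });
}

// In-memory stand-in for localStorage so the handler can be exercised offline.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}
```

Browsers that partition third-party storage give an embedded iframe a separate store per embedding site, so the hub only shares data where that partitioning is not in effect.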