0

I know browsers block cross domain cookies for security reasons. I'm wondering if there is a way around it? I have a WP website and also a url shortener, the URL shortener does some tracking by grabbing the WP username from the cookie, if it is set.

I've moved my url shortener to a new short domain and obviously the tracking system has stopped grabbing the username from the cookie. Is there any way I can reintroduce this functionality?

Goodbytes
  • 704
  • 2
  • 10
  • 28

1 Answers1

0

Cross domain can be allowed by the header Access-Control-Allow-Origin: *.

But you cannot share cookies through domains.

An alternative solution from this SO anwser:

You could do something like this:

  • centrilize all cokies in a single domain, let's say cookiemaker.com
  • when the user makes a request to example.com you redirect him to cookimaker.com
  • cookiemaker.com redirects him back to example.com with the information you need

Of course, it's not completelly secure, and you have to create some kind of internal protocol between your apps to do that.

Community
  • 1
  • 1
Cyrbil
  • 6,341
  • 1
  • 24
  • 40
  • I have managed to grab the cookie from domain A by adding an image tag to the page which is in fact a PHP script on domain B that grabs the cookie and encodes it and then passes it through. It works ok but maybe not secure as if someone was to intercept the url then they basically have access to that cookie. – Goodbytes Jul 02 '15 at 10:38
  • The above doesn't work in Safari. The most important browser for me :( – Goodbytes Jul 02 '15 at 10:53
  • Can't you simply pass the username that you need into the URL shortener call (with query string ...) ? – Cyrbil Jul 02 '15 at 10:55
  • There is no way to retrieve it apart from the cookie. – Goodbytes Jul 02 '15 at 11:21