-1

I have two domains: sharepoint.server.com AND app.server.com

In the application from domain app.server.com I do invisible ntlm authentication on the server sharepoint.server.com.

sharepoint.server.com returns me its cookies. How is it possible to write these cookies to the browser's memory?

It's possible to write these cookies, but just with domain app.server.com, but I need to write it with domain sharepoint.server.com.

So, if it's written to the browser's memory, sharepoint.server.com will never show authentication user window again based on the existing cookies. However, it cannot read these cookies, because it's different domain.

DefaultHttpClient httpClient = new DefaultHttpClient(cm,params);
httpClient.getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
httpClient.getCredentialsProvider().setCredentials(new AuthScope(AuthScope.ANY),
new NTCredentials("login", "pass", null, "server.net"));
HttpGet httpget = new HttpGet("htts://sharepoint.server.com/");
HttpResponse response;
try {
     response = httpClient.execute(httpget);
     StatusLine entity = response.getStatusLine();
     System.out.println("executing request " + httpget.getRequestLine());
     System.out.println(entity.toString());
     System.out.println("");
Header[] headers = response.getAllHeaders();
for (Header header : headers) {
      System.out.println(header.getName() + " : " + header.getValue());
}
List<Cookie> cookies = httpClient.getCookieStore.getCookies();
for(Cookie cookie:cookies)
{
JavaApp.getInstance().getMainWindow().executeJavaScript(
"document.cookie='" + cookie.getName()+"="+cookie.getValue() +"; domain="+cookie.getDomain()+"; path="+cookie.getPath()+"'");
}

Now it doesnt write cookies at all, because cookie.getDomain()=sharepoint.server.com, and it cannot be written.

If I remove domain=cookie.getDomain() from the line, it writes cookies to the momory, but uses domain domain "app.server.com"

But I need to write these cookies with domain sharepoint.server.com

How is it possible to make it?

vlcod
  • 229
  • 2
  • 3
  • 13
  • 1
    You could set the cookie path to the sub domain. In your case, that would be '.server.com' and it will be visible to all your domains 'xxx.server.com' – ramp Sep 03 '15 at 11:07
  • is it other solutions to solve the problem? – vlcod Sep 03 '15 at 11:10

2 Answers2

2

You can not set Cookies for another domain. If you could, it would probably be the most severe security flaw Ever.

Imagine if you could write cookie for Facebook, Google, etc...

Check this Topic, I think it can help you finding the good solution: How to set a cookie for another domain

EDIT:

Another solution found on SO: Cross-Domain Cookies, it could be what you're looking for.

Zombies
  • 25,039
  • 43
  • 140
  • 225
Supamiu
  • 8,501
  • 7
  • 42
  • 76
  • so, it's understandable.. my question was "how to write another domain"? – vlcod Sep 03 '15 at 13:48
  • If I write the way you mentioned, I have domain - "app.server.com". BUT, I need domain "sharepoint.server.com" written in the cookies – vlcod Sep 03 '15 at 13:50
  • yeah, but I can get these cookies only after successful authentication.. so, what's wrong? – vlcod Sep 03 '15 at 14:52
  • I just need to authenticate, to get the cookies, and write them in the browser.. then when I execute the same server, it doesnt ask me again to authenticate, because it reads its cookies from my browser – vlcod Sep 03 '15 at 14:53
  • Whatever you need to do, You can't set a cookie for another website. If you read the topic I mentioned, you'll know why. I also added another solution to the answer to show you how ou can do. – Supamiu Sep 03 '15 at 14:56
0

Set the domain of the authentication cookie to just the domain part, without the sub-domain:

JavaApp.getInstance()
    .getMainWindow().executeJavaScript(
        "document.cookie='" + cookie.getName()
        +"="+cookie.getValue() 
        +"; domain=server.com; path="
        +cookie.getPath()+"'");

This cookie should now be accessible to all sub domains of server.com

miw
  • 776
  • 4
  • 11