0

I have a php script on a domain called domain1.com/post_data.php . This script makes an AJAX call to another script hosted on another domain: domain2.com/set_data.php. set_data.php expects some post variables and writes them to a table....everything is working just fine (because CORS is enabled on domain2.com in case you were wondering :)).

My question/issue is: domain2.com/set_data.php starts a session on its end and "writes/reads" the session id from a cookie....where is this cookie stored? Does domain1.com/post_data.php have access to the cookie set by the remote server script ?

I am writing the session id set by domain2.com in a db there and the session id written to the DB by domain2.com does NOT match with the session id written in a cookie on domain1.com (I checked by reading the PHP SessionID cookie on domain1.com).

Nikster2014
  • 380
  • 3
  • 16
  • Possible duplicate of [Cross domain cookies](http://stackoverflow.com/questions/1084114/cross-domain-cookies) – halfpastfour.am Oct 11 '16 at 19:00
  • MOST (all?) Contemporary browsers hand this via whats known as a 'sandbox' approach to security. That said: CORS standards you should read - theres no fast n quick answer bc of this implication and how your question is posed '\imho\' – Brandt Solovij Oct 11 '16 at 19:02

2 Answers2

0

You can only view or set cookies that are valid for the current domain. i.e domain1.com script cannot see domain2.com's cookies.

Ryan
  • 1,151
  • 5
  • 7
0

As answered here there is absolutely no way for domain.com to set a cookie for domain1.com.

Community
  • 1
  • 1
halfpastfour.am
  • 5,764
  • 3
  • 44
  • 61