-1

I have 2 virtual hosts and I want to set a cookie on one of them with JS:

```js
var CSRF = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
$(".form-token").text(CSRF);
document.cookie = "CSRFToken=" + CSRF;
```

And then I want to try to fetch this on the other host with PHP. But `var_dump($_COOKIE);` outputs just the `_ga` variable. What am I doing wrong?

Daniel A. White
Nikita Yunoshev

1 Answer

3

You cannot share cookies between two hosts that are at the same level of the TLD (e.g. two subdomains); you can only share cookies from a higher level.

E.g., a cookie set on first.exemple.com cannot be read on second.exemple.com.

But if you do it from the higher level it can work: a cookie set on .exemple.com (while being on exemple.com) can be read on both first.exemple.com and second.exemple.com.

  1. It has to be set while on the higher domain (the user must be on a page of exemple.com, not on one of the subdomains), and
  2. the cookie domain must include the leading dot (a cookie set on exemple.com cannot be read by subdomains, but one set on .exemple.com can).

Take good note that www.exemple.com is not the same as exemple.com.

Lepidosteus
  • Thank you for your answer. I'm not sure that I correctly understand the sentence about the dot at the start. I'm setting the cookie on "test.server" and trying to fetch it on "upload.test.server", but it doesn't work. – Nikita Yunoshev Jan 18 '18 at 15:01
  • Set the cookie on `.test.server`, with a leading dot. E.g.: `document.cookie = "csrf=123456;domain=.test.server"` – Lepidosteus Jan 18 '18 at 15:03
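
The comment exchange above, as an added example that is not part of the original thread: a small model of the RFC 6265 storage and domain-matching rules, showing why the cookie set on `test.server` without a `domain` attribute is host-only and never reaches `upload.test.server`, while the `domain=.test.server` form does. The helper names (`domainMatch`, `storeCookie`, `isSentTo`) are made up for this sketch, and public-suffix checks, paths and expiry are not modelled.

```javascript
// Added example: models RFC 6265 cookie storage and domain matching.
// Host names are the ones from the thread; nothing here touches a real browser.

// RFC 6265 section 5.1.3: does request host `host` domain-match `cookieDomain`?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Parse the string assigned to document.cookie on page host `settingHost`
// and return the stored cookie, or null if the browser would reject it.
function storeCookie(settingHost, cookieString) {
  const [pair, ...attrs] = cookieString.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: settingHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim());
    if (k.toLowerCase() !== "domain" || v === "") continue;
    const d = v.replace(/^\./, "").toLowerCase(); // section 5.2.3: leading dot dropped
    // section 5.3: the setting host must domain-match the attribute value
    if (!domainMatch(settingHost, d)) return null;
    cookie.domain = d;
    cookie.hostOnly = false;
  }
  return cookie;
}

// Would the browser attach `cookie` to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Constructed inputs: the asker's original assignment and the commented fix.
const asPosted = storeCookie("test.server", "CSRFToken=abc123");
const withDomain = storeCookie("test.server", "CSRFToken=abc123;domain=.test.server");
console.log(isSentTo(asPosted, "upload.test.server"));   // false
console.log(isSentTo(withDomain, "upload.test.server")); // true
```

A cookie scoped to the parent domain is sent to every host under `test.server`, so a CSRF token stored this way is visible to all of them.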