1

We have some large sites on different domains. Let's say x.com and y.com, they run on the same backend, on the same server, with the same database.

We have a lot of content (Images and Articles)

I need to track users on both pages. I want to identify the user and use the same backend on both the sites to track their movement and go look at their tracks.

Is that possible with cookies? I think I could be able to give the clients a unique cookie, and then check for the cookie on both sites, writing their movements to the database as they go along.

Moshe
  • 57,511
  • 78
  • 272
  • 425
Lars Hansen
  • 105
  • 1
  • 5
  • Not quite. More newspaper orientated than SO :) – Lars Hansen Feb 11 '11 at 19:21
  • I'm not sure that tracking users isn't evil, but I suppose it's part of a business model... – Moshe Feb 11 '11 at 19:35
  • @Moshe - and which specific way might it possibly be "evil"? (I'm leaving aside an edge case of when you explicitly lie and say that you won't track the users in your privacy notice). I'm sure I can find a significant percentage of human population who'd gladly declare pretty much any action you made or opinions you hold - no matter what they are - to be "evil". – DVK Feb 11 '11 at 19:42
  • @DVK - You are correct, however - antivirus scanners report tracking cookies. The only other thing it reports is malware, viruses and the like. Does that not make them evil? – Moshe Feb 11 '11 at 19:58
  • @Moshe: No, just because antivirus software mark something harmful doesn't make them that. Our company will have to obey EU law and the specific laws in our country, and we don't do anything illegal. The cookies are used to get information about the taste of the user so we can offer them specific products / stories. We also provide a full privacy policy, we don't have anything to hide. – Lars Hansen Feb 11 '11 at 20:26
  • @LarsHansen No offense meant, I understand what you are saying. People just have a strong sense of caution surrounding cookies. – Moshe Feb 11 '11 at 20:31
  • @Moshe - no, antivirus scanners report tracking cookies because people are insisting on the functionality (e.g. willing to pay extra or use its absence as purchasing decision margin) due to overblown "privacy" concerns. Pretty much the same reason companies manage to sell "breath mask" bras. – DVK Feb 11 '11 at 20:34

1 Answers1

0

Cookies are in general designed so that there is no crosssite interactoin... BUT... it is possible.

the <machineKey/> attribute of the web.config file will allow you to do that.

You supply a validation key, a decryption key and a validation "type" and make sure that it is the same in the web config of both applications.

I've personally used it in a forms authentication environment and it works just fine there. I'm pretty sure you could use it to achieve your goals.

Patrick
  • 7,512
  • 7
  • 39
  • 50
  • well if thats the case i'm not sure exactly what to tell you. I'd suggest updating your question to be specific with the language/environment. – Patrick Feb 11 '11 at 19:16
  • Might want to check out this post: http://stackoverflow.com/questions/1084114/cross-domain-cookies – Patrick Feb 11 '11 at 19:19
  • 1
    I search a pure HTTP-solution not bound to a specific language or framework. I will then implement it on my sites. But sorry for not mentioning it. – Lars Hansen Feb 11 '11 at 19:20
  • web.config is similar to Apache's .htaccess except for IIS/ASP.net. And yes it's magic, like everything about computers :-) – wildpeaks Feb 11 '11 at 19:41
  • Can .htaccess play with cookies? I think that is what machineKey is doing in web.config. – Lars Hansen Feb 11 '11 at 20:27