0

I'd like to seamlessly login users between my sites, located on different domains. (For historical reasons, two different language versions of the site are hosted on different domains....I know... but the user should not need to log in again once changing languages.)

I thought of the following:

  1. The user is on a.com.
  2. The script on a.com makes an ajax POST request to b.com
    and b.com responds with a session cookie.
  3. The browser sets that session cookie for b.com.
  4. The script sets window.location = 'b.com'.
  5. The user sees himself automatically logged-in on b.com.

Will this method work?

Barney Szabolcs
  • 11,846
  • 12
  • 66
  • 91
  • Why do you need to use AJAX for this? Why doesn't the a.com page just submit the form to b.com, and then they'll be logged in there. – Barmar Nov 06 '20 at 20:57
  • But I think this should work. Try it and see. – Barmar Nov 06 '20 at 20:58
  • @Barmar No. In step 2, the session cookie will still be stored the cookie store of `a.com` – Randy Casburn Nov 06 '20 at 21:19
  • @RandyCasburn I don't think so. You can't set cookies in a different domain. – Barmar Nov 06 '20 at 22:02
  • You need to set the `withCredentials` option in the `XMLHttpRequest` for cookies to be honored. See https://stackoverflow.com/questions/3340797/can-an-ajax-response-set-a-cookie – Barmar Nov 06 '20 at 22:08
  • @Barmar - yes, you are correct. – Randy Casburn Nov 06 '20 at 22:35
  • Thanks @Barmar and @RandyCasburn! So if I set `withCredentials` in the `XMLHttpRequest`, then the cookies will be honored to be set on `b.com`? – Barney Szabolcs Nov 06 '20 at 23:15
  • Yes, I think so. See also https://stackoverflow.com/questions/3340797/can-an-ajax-response-set-a-cookie – Barmar Nov 06 '20 at 23:17
  • I was reading that thread and I was not sure if it applied in this cross-domain setup as well. Edit: Sorry, I can see now, you have quite a bit of expertise. I believe you and thanks a lot for looking into my problem! If you'd like to post an answer, I'll accept and upvote. – Barney Szabolcs Nov 06 '20 at 23:18

0 Answers0