0

I have read a lot about cookies and I still can't understand them properly.

I have two domains:

server: server.com
client: client.com 

So the website has just been deployed and there are many issues. I understand that there isn't a way to share a cookie between two domains.

When I disable Prevent Cross-Site on Safari it works fine, but it probably doesn't make sense to ask each client to disable it...

My question is: if I set up server.com on server.domain.com and the client on domain.com, is it possible to share a cookie between server.domain.com (server side) and domain.com (client side)?

Or simply: "How do I use cookies between the server domain and the client domain the right way after hosting?"

Ram John
  • Cookies that are set for `domain.com` can be accessed on subdomains thereof, such as `server.domain.com`, yes. But the setting you changed in your Safari is about 3rd-party cookies in general - so you would have to hope that Safari (and other browsers) do not consider `domain.com` and `server.domain.com` as "different parties", otherwise you are winning absolutely nothing with such a change. – CBroe Feb 14 '22 at 14:40
  • But after short research, https://stackoverflow.com/a/29772014/1427878 seems to confirm that subdomains of the main domain are _not_ considered 3rd-party - so this could make it work, without users having to change default settings in their browsers, yes. – CBroe Feb 14 '22 at 14:42
  • @CBroe first, thank you for the understandable answer. Just to be on the same page with you: on the server side I need to change `server.com` ("old domain") to `server.domain.com`, and then I need to change `client.com` ("old domain") to `domain.com`. Then I have a get `server.domain.com/data` function on the server that brings information from some database, so does it mean that I can now make a request to `server.domain.com/data` from the client correctly? – Ram John Feb 14 '22 at 14:58
  • That should prevent browsers from blocking the cookie as a 3rd-party cookie, yes. (Which many browser/privacy-enhancing extensions do these days, to prevent user tracking across a whole range of domains.) – CBroe Feb 14 '22 at 15:05
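
The subdomain setup discussed in the comments above, sketched as an added example that is not part of the original thread: the API on `server.domain.com` issues a cookie scoped to `domain.com` and answers credentialed cross-origin requests from the page on `https://domain.com`. It assumes `domain.com` is the registrable domain; the function names and the `isValidSession` callback are hypothetical.

```javascript
// Assumed layout (names from the question): page on https://domain.com,
// API on https://server.domain.com. Both share the registrable domain domain.com.
const ALLOWED_ORIGINS = new Set(['https://domain.com']);

// Domain=domain.com scopes the cookie to domain.com and all of its subdomains,
// so every subdomain can receive it: keep only an opaque session id in it.
function buildSessionCookie(sessionId, maxAgeSeconds = 3600) {
  return [
    `session=${encodeURIComponent(sessionId)}`,
    'Domain=domain.com', 'Path=/', `Max-Age=${maxAgeSeconds}`,
    'Secure',       // sent over HTTPS only
    'HttpOnly',     // hidden from page scripts
    'SameSite=Lax', // domain.com -> server.domain.com is same-site
  ].join('; ');
}

// The request is cross-origin (different host), so CORS must allow credentials.
// A wildcard origin is not accepted by browsers for credentialed requests.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

function readCookie(cookieHeader, name) {
  for (const part of (cookieHeader || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// After a successful login (credential check not shown), issue the cookie.
function loginResponse(origin, sessionId) {
  return { status: 204,
           headers: { ...corsHeaders(origin), 'Set-Cookie': buildSessionCookie(sessionId) } };
}

// GET /data: answer only when the browser sent a valid session cookie back.
function dataResponse(origin, cookieHeader, isValidSession) {
  const session = readCookie(cookieHeader, 'session');
  const ok = session !== null && isValidSession(session);
  return { status: ok ? 200 : 401, headers: corsHeaders(origin) };
}

// Browser side, on https://domain.com:
//   fetch('https://server.domain.com/data', { credentials: 'include' })
```

Without `credentials: 'include'` the browser omits the cookie on the cross-origin `fetch`, and without the two `Access-Control-Allow-*` headers it withholds the response from the page.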

1 Answer

-1

The most reliable solution is that the browser that has the cookie set (for example) from server.com performs a request, with the cookie as a parameter, to client.com, which sets the same cookie on the client.com website.

Many times a simple (and hidden) XMLHttpRequest can do the trick.

Fabio Rotondo
  • Does that actually get you past the blockage of 3rd-party cookies though? I rather doubt it (because if it did, then all the "bad" guys these blocking measures are against, the track-you-across-half-the-internet data collectors, would surely employ the same tactic.) – CBroe Feb 14 '22 at 14:49
  • They cannot use the same tactic, because my solution implies a request to a specific endpoint to the second server. As an example consider the following scenario: login on `server.com`, the server sets a cookie, the browser calls `client.com/set_this_cookie?cookie=xxx` and the `client.com` domain sets a new cookie with the right value. You cannot do that if there is no logic on client and server side for this. – Fabio Rotondo Feb 15 '22 at 11:10