
I have the following code on example1.com:

<?php
// $file is set earlier in this script (not shown here).
// No Domain attribute is given, so the browser stores _ch as a host-only
// cookie for example1.com; it expires 60 seconds from now.
setcookie('_ch', base64_encode($file), time() + 60, '/');
header("Location: http://example2.com/");
exit();

And on example2.com:

<?php
// The request to example2.com carries no _ch cookie (it belongs to example1.com),
// so this branch is always taken.
if (!isset($_COOKIE['_ch'])) {
    echo error::noocookie();
    exit();
}

The problem I face is that the if statement is always true. How can I access the cookie from example2.com?

Kyansittha

1 Answer


You can't. A website isn't allowed to set cookies for other domains.

See the specification. Specifically point 6 of the storage model section.

If the canonicalized request-host does not domain-match the domain-attribute:
Ignore the cookie entirely and abort these steps.

and the domain-match section:

A string domain-matches a given domain string if at least one of the following conditions hold:

  • The domain string and the string are identical. (Note that both the domain string and the string will have been canonicalized to lower case at this point.)
  • All of the following conditions hold:
    • The domain string is a suffix of the string.
    • The last character of the string that is not included in the domain string is a %x2E (".") character.
    • The string is a host name (i.e., not an IP address).

With a domain of example2.com and a request-host of example1.com, none of these conditions are true.

Quentin
  • What can I do instead to confirm that the user visited example1.com before example2.com with an expiration of this confirmation? – Kyansittha Sep 19 '22 at 17:35
  • Redirect the user from 1 to 2 with a token that can verify them (e.g. a GUID that 2 makes a server-side HTTP request back to 1 to auth or something like a JWT) – Quentin Sep 19 '22 at 17:38
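One concrete form of the token handoff suggested in the last comment, added here as an example and not written by either participant: example1.com puts an HMAC-signed, short-lived, single-use token in the redirect URL, and example2.com verifies it before setting its own cookie. This is the "something like a JWT" option done by hand in Python (same idea, not the JWT wire format); the shared secret, the `_ch` query parameter name, the `visited-example1` subject and the 60-second lifetime are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed for illustration; in practice both sites get this out of band
# (e.g. secrets.token_bytes(32) stored in each site's config).
SHARED_SECRET = b"example-shared-secret-replace-with-32-random-bytes"
HANDOFF_TTL = 60          # seconds; mirrors the 60-second cookie lifetime in the question
HANDOFF_PARAM = "_ch"     # query parameter name, an assumption for this example


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, subject: str, ttl_seconds: int, now: int) -> str:
    """Site 1: build `payload.signature` with signature = HMAC-SHA256(secret, payload)."""
    claims = {"sub": subject, "iat": now, "exp": now + ttl_seconds, "jti": secrets.token_hex(8)}
    body = _b64u(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
    return f"{body}.{_b64u(sig)}"


def verify_token(secret: bytes, token: str, now: int, seen_ids: set) -> Optional[dict]:
    """Site 2: return the claims if signature, time window and single-use check pass, else None."""
    body, sep, sig = token.partition(".")
    if not sep:
        return None
    try:
        given = _b64u_decode(sig)
        expected = hmac.new(secret, body.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, given):      # constant-time comparison
            return None
        claims = json.loads(_b64u_decode(body))
    except (ValueError, UnicodeError):                     # bad base64 / bad JSON
        return None
    if not isinstance(claims, dict) or not {"sub", "iat", "exp", "jti"} <= set(claims):
        return None
    if not all(isinstance(claims[k], int) for k in ("iat", "exp")):
        return None
    if not (claims["iat"] <= now < claims["exp"]):          # expired or not yet valid
        return None
    if claims["jti"] in seen_ids:                           # replayed token
        return None
    seen_ids.add(claims["jti"])
    return claims


def build_handoff_url(secret: bytes, now: int) -> str:
    """What example1.com redirects to instead of trying to set a cookie for example2.com."""
    token = issue_token(secret, "visited-example1", HANDOFF_TTL, now)
    return "http://example2.com/?" + urlencode({HANDOFF_PARAM: token})


def accept_handoff(secret: bytes, url: str, now: int, seen_ids: set) -> Optional[dict]:
    """What example2.com does on arrival; on success it would then set its own cookie."""
    tokens = parse_qs(urlparse(url).query).get(HANDOFF_PARAM, [])
    if len(tokens) != 1:
        return None
    return verify_token(secret, tokens[0], now, seen_ids)


if __name__ == "__main__":
    import time
    seen: set = set()
    url = build_handoff_url(SHARED_SECRET, int(time.time()))
    print("redirect to:", url)
    print("accepted:", accept_handoff(SHARED_SECRET, url, int(time.time()), seen) is not None)
    print("replay accepted:", accept_handoff(SHARED_SECRET, url, int(time.time()), seen) is not None)
```

Because the token travels in a URL it will end up in example2.com's access logs and possibly in Referer headers, which is why it is bound to a short window and consumed on first use; `seen_ids` stands in for whatever store example2.com uses to remember consumed `jti` values for the lifetime of the window. The GUID-plus-callback alternative from the same comment moves that state to example1.com instead, at the cost of a server-to-server request on every arrival.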