3

I am working on cookies. I am able to create cookies very easily. To create a cookie I am using this code:

HttpCookie aCookie = new HttpCookie("Cookie name");
aCookie.Value = "Value";
Response.Cookies.Add(aCookie);

This code is fine for me and it gives me localhost as Host. But the problem comes here when I try to add a domain name here like:

HttpCookie aCookie = new HttpCookie("Cookie name");
aCookie.Value = "Value";
aCookie.Domain = "192.168.0.11";
Response.Cookies.Add(aCookie);

Now the cookie is not generated. Any suggestions?

Chris Barlow
  • 3,274
  • 4
  • 31
  • 52
Sunny
  • 3,185
  • 8
  • 34
  • 66
  • 1
    Thanks Damien for reply,Sorry i didn't explain problem very well.So now i am explaining this.My site is host on abc.com domain but i want to add xyz.com domain while writing the cookie – Sunny Mar 05 '12 at 09:40
  • Just for curious, I was able to create a cookie cross domain "manually" (not directly). I created a sign in session using localhost web site to another www.domain.com. – Souza Jun 06 '19 at 15:00

3 Answers3

12

You can only set the domain to yourself (the current site) and sub-domains of yourself, for security reasons. You can't set cookies for arbitrary sites.

Marc Gravell
  • 1,026,079
  • 266
  • 2,566
  • 2,900
  • Thanks Marc for reply,Sorry i didn't explain problem very well.So now i am explaining this.My site is host on abc.com domain but i want to add xyz.com domain while writing the cookie – – Sunny Mar 05 '12 at 09:41
  • 2
    @Sunny - that's what marc is saying - you can't do that. – Andras Zoltan Mar 05 '12 at 09:45
  • @Sunny yes, and again: you can't do that. abc.com can write cookies to abc.com, foo.abc.com and *.abc.com; it **cannot** write cookies for xyz.com **at all**. – Marc Gravell Mar 05 '12 at 09:46
2

As Marc has said - you can't do this; unless the domain is a subdomain of the one returning the response.

The same limitation applies to javascript code on the client adding cookies as well - the same origin policy will apply.

A simple way to achieve this is generally to include on the page returned from abc.com somewhere a reference to a resource on the domain xyz.com - typically a javascript file or something like that.

You have to watch out there, though, because that's a third-party cookie and some users will have those disabled (because it's how ad-tracking works).

Andras Zoltan
  • 41,961
  • 13
  • 104
  • 160
0

Assuming you have a known set of cookies you want to track across domains and that you own all the domains you are sharing cookies with, you can build this functionality yourself. Here is poor man's cross-domain cookie tracking:

You can add "?favoriteColor=red" to all links on abc.com that point to xyz.com.

<a href="xyz.com/contact?favoriteColor=red">XYZ Contact</a>

Then do the same thing for all links on xyz.com that point to abc.com.

<a href="abc.com/contact?favoriteColor=red">ABC Contact</a>

Now on every page of abc.com and xyz.com need to check the http request path for ?favoriteColor=red and if it exists, set the favoriteColor cookie on that domain to red.

// Pseudocode
if(queryString["favoriteColor"] != null) {
    setCookie("favoriteColor", queryString["favoriteColor"]);
}

Tip 1: Do some validation to ensure that the value you get is valid because users can enter anything.

Tip 2: You should be using https if you're going to do this.

Tip 3: Be sure to url escape your cookie name and value in the url.

TxRegex
  • 2,347
  • 21
  • 20