1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Cross-domain cookie issue

Discussion in 'Site & Server Administration' started by creative4w3, Jul 11, 2011.

  1. #1
    I am having issues with cross-domain cookies. The main site is http://domain.com (without the www). The forums is forums.domain.com. I can't seem to set or destroy cookies for forums.domain.com from http://domain.com. My guess is because even though the cookie URL is .domain.com, that the main site is treated like a completely different domain because it is not on .domain.com.

    Any ideas?
     
    creative4w3, Jul 11, 2011 IP
  2. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,333
    Likes Received:
    2,613
    Best Answers:
    462
    Trophy Points:
    710
    Digital Goods:
    29
    #2
    Right... you can't manage cookies unless it's within the domain you are on (or a global cookie for the domain). You could do all sorts of nasty stuff otherwise... like view someone's cookies for blogger.com when visit your site at yourblog.blogger.com
     
    digitalpoint, Jul 11, 2011 IP
  3. creative4w3

    creative4w3 Active Member

    Messages:
    105
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    58
    #3
    Thanks. Is there any solution to this? We're bridging two systems forums.domain.com and domain.com and need to have people logout on both through one link.
     
    creative4w3, Jul 12, 2011 IP
  4. ntomsheck

    ntomsheck Peon

    Messages:
    87
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    URL based session strings are possible. Have them really long, and use more than the string of characters to identify them for added security (such as IP and user agent). Not sure if session strings are the correct term - probably a geographical colloquialism, but it's something like &SESS=08923JKLKkl238K3LK3kjf3poiwe8289QWCZNCoppQcZks

    Apparently I didn't read the question completely. To logout from both you could put a redirect at the end of each segment of logout code (session and cookie destruction), then redirect back to the previous page. Might look messy though.
     
    ntomsheck, Jul 12, 2011 IP
  5. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,333
    Likes Received:
    2,613
    Best Answers:
    462
    Trophy Points:
    710
    Digital Goods:
    29
    #5
    Use global domain cookies on both.
     
    digitalpoint, Jul 12, 2011 IP