Is it Possible to Check Cookie from a Different URL? If my browser is on Domain 1, can I run a code that checks for a cookie from Domain 2? For example, I would like to check for a cookie with the name "popover" no matter which domain it is cookied from. Can I do that?
No you can't because if you could anyone could easily read your paypal cookies and steal all your money. .
That's called session hijacking and sites like Paypal have already passed that stage. Just duplicating a cookie of an existing session should not work with many of the major financial services/companies. If you happen to own all the domains, then its a pretty easy thing to do. There are many ways you can share cookies between domains - something similar to what Google would do among it's services (gmail, youtube, etc..) or Microsoft's sites using live login. One of the ways you can do it is via an API, where the "master" domain set's the cookies/retrieves it and the "slave" domains request that cookie. This way itself can be done multiple ways, I personally find that using a distributed memory object caching system the fastest (something like Memcached).
Correct me if wrong but that happens while maintaining a central URL for Auth token and maintaning cookie on services with session IDs which can request that Auth token with the session ID or something like that. I don't think that would be exactly cross domain cookies.
That is an option. You can also calculate in the browser type, OS system, or even bit count. This is mostly foolproof unless someone has access to the algorithm you are using or is randomly correct and fakes all the info you are using. The internet is filled with examples, like this: (using redirect, Google style): http://answers.google.com/answers/threadview/id/742376.html (using API): http://www.codeguru.com/csharp/csha...php/c19417/Sharing-Cookies-Across-Domains.htm There are many ways companies implement this, specially ones that provide more than 1 service with the same login. You are not restricted on those implementation and can definitely work a better one if you have the time (or a more secure one).