#native_company# #native_desc#

Implementing Cross-Domain Cookies

By Christopher Kings-Lynne
on November 29, 2000

Cookies are a great invention, allowing the web developer to maintain
the login status of their users. However, problems occur when your site or network
has more than one domain.
The cookie specification says that any cookie set for one domain, must
not be sent to any other domain. Therefore, if you set a cookie in your user’s
browser on one domain, that cookie will not be available on any other domain.
This is a big problem, if you want your users to log in on one of your
sites and still be logged in on your other domains.
My solution will use the following general framework:

  • A prepend script will be used that will accept the sessionid via GET or COOKIE.
    It will preferentially choose a GET variable over a COOKIE. Therefore, whenever we need to
    link across domains, we send the sessionid as a URL parameter.
  • The Apache configuration will be modified to do rewrites on all cross-domain cookies.
    The reason for this will soon become clear.
  • Variables will be used whenever a cross-domain href appears.