homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

Cookies Across Multiple Domains
How let other domains access Cookies

5+ Year Member

Msg#: 3811781 posted 7:22 am on Dec 20, 2008 (gmt 0)

When I log into Gmail, Blogger.com also is aware of my logged in session.
Same with Yahoo-Mail & Flicker.

How do they do this? I assume with Cookies, but isn't it pretty difficult to allow one domain to access another domain's cookie?

(sorry if this is the wrong forum-subject, I really wasn't sure but figured it applied equally to all server-side languages and maybe occurred more on the browser side)



WebmasterWorld Senior Member eelixduppy us a WebmasterWorld Top Contributor of All Time 5+ Year Member

Msg#: 3811781 posted 6:18 pm on Dec 20, 2008 (gmt 0)

You have to keep a database with session IDs to compare. You are correct in that one domain cannot access cookies of another domain like that.


5+ Year Member

Msg#: 3811781 posted 10:49 pm on Dec 20, 2008 (gmt 0)

Would you explain this a little more? Or point me to a tutorial that could talk about this?

How would the programming language being used (I understand PHP & Java examples the best) know that how to match up the session with one domain-computer combo to another domain-computer combination?



WebmasterWorld Senior Member 5+ Year Member

Msg#: 3811781 posted 11:42 pm on Dec 20, 2008 (gmt 0)

It may rely on the two servers in question talking to each other.

Example, visit example1.com (server1), page returned contains request to example2.com (server2) with example1 cookie1 data encoded. Server2 informs Server1.


5+ Year Member

Msg#: 3811781 posted 3:24 pm on Dec 21, 2008 (gmt 0)

I assumed it did this by running an iframe or javascript within the page all from google.com domain.


10+ Year Member

Msg#: 3811781 posted 3:44 pm on Dec 21, 2008 (gmt 0)

they set up a cookie for each domain when you log in. you log in on domain A then they setup a cookie to domain A, domain B and so on...


5+ Year Member

Msg#: 3811781 posted 11:01 am on Dec 22, 2008 (gmt 0)

I would have thought if they are owned by the same company there on the same server so flickr is actually. Yahoo.com/flickr so its actually on the same server?


5+ Year Member

Msg#: 3811781 posted 5:51 pm on Dec 22, 2008 (gmt 0)

no, I don't believe its a subdirectory within the server. Google offers so many services, one server would become very crowded very fast.
Setting up a cookie/session for each domain at login is an interesting idea. And I do believe I see some things similar to this happening.

What if I have 100 domains? I may not want to establish 100 sessions/cookies. Just allow the user into one of the other domains as they feel the need to hit those other domains.

The insights have been great. I've started calling what I'm asking for "multiple domain session" and googling that has yielded some results. I look forward to your help in clarifying this further.


10+ Year Member

Msg#: 3811781 posted 2:01 am on Jan 5, 2009 (gmt 0)

Assume that there is a YouTube video embedded on a web page. Before you even click to view the video, you get several YouTube cookies.

About ten seconds after you click and start watching, the Flash code behind the YouTube video phones home to google.com and your standard Google cookie with the globally unique ID is offered up to Google. By watching it on a packet sniffer, you will see that the GET request from your browser to google.com includes the URL of the page you are on, as well as the ID of the YouTube video you are watching.

It happens on Obama's change.gov site, as well as on youtube.com itself. It happens everywhere you see an invitation to watch a YouTube video.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved