Welcome to WebmasterWorld Guest from 54.159.250.110

Forum Moderators: incrediBILL

Message Too Old, No Replies

Cookies Across Multiple Domains

How let other domains access Cookies

   
7:22 am on Dec 20, 2008 (gmt 0)

5+ Year Member



When I log into Gmail, Blogger.com also is aware of my logged in session.
Same with Yahoo-Mail & Flicker.

How do they do this? I assume with Cookies, but isn't it pretty difficult to allow one domain to access another domain's cookie?

thanks
(sorry if this is the wrong forum-subject, I really wasn't sure but figured it applied equally to all server-side languages and maybe occurred more on the browser side)

6:18 pm on Dec 20, 2008 (gmt 0)

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 5+ Year Member



You have to keep a database with session IDs to compare. You are correct in that one domain cannot access cookies of another domain like that.
10:49 pm on Dec 20, 2008 (gmt 0)

5+ Year Member



Would you explain this a little more? Or point me to a tutorial that could talk about this?

How would the programming language being used (I understand PHP & Java examples the best) know that how to match up the session with one domain-computer combo to another domain-computer combination?

thanks

11:42 pm on Dec 20, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



It may rely on the two servers in question talking to each other.

Example, visit example1.com (server1), page returned contains request to example2.com (server2) with example1 cookie1 data encoded. Server2 informs Server1.

3:24 pm on Dec 21, 2008 (gmt 0)

5+ Year Member



I assumed it did this by running an iframe or javascript within the page all from google.com domain.
3:44 pm on Dec 21, 2008 (gmt 0)

10+ Year Member



they set up a cookie for each domain when you log in. you log in on domain A then they setup a cookie to domain A, domain B and so on...
11:01 am on Dec 22, 2008 (gmt 0)

5+ Year Member



I would have thought if they are owned by the same company there on the same server so flickr is actually. Yahoo.com/flickr so its actually on the same server?
5:51 pm on Dec 22, 2008 (gmt 0)

5+ Year Member



no, I don't believe its a subdirectory within the server. Google offers so many services, one server would become very crowded very fast.
------------
Setting up a cookie/session for each domain at login is an interesting idea. And I do believe I see some things similar to this happening.

What if I have 100 domains? I may not want to establish 100 sessions/cookies. Just allow the user into one of the other domains as they feel the need to hit those other domains.

The insights have been great. I've started calling what I'm asking for "multiple domain session" and googling that has yielded some results. I look forward to your help in clarifying this further.

2:01 am on Jan 5, 2009 (gmt 0)

10+ Year Member



Assume that there is a YouTube video embedded on a web page. Before you even click to view the video, you get several YouTube cookies.

About ten seconds after you click and start watching, the Flash code behind the YouTube video phones home to google.com and your standard Google cookie with the globally unique ID is offered up to Google. By watching it on a packet sniffer, you will see that the GET request from your browser to google.com includes the URL of the page you are on, as well as the ID of the YouTube video you are watching.

It happens on Obama's change.gov site, as well as on youtube.com itself. It happens everywhere you see an invitation to watch a YouTube video.