Posted by Erwin Moller on 01/26/06 12:01

Super Mango wrote:

> Hi,
>
> I have this login that works fine when the page is presented as-is, but
> I want to allow other site owner to put any page from my site in a
> frame in their own site.
>
> The thing is that when the page is called from a different domain, the
> cookie is not sent to the server.
>
> What can I do?

Nothing simple.
Cookies are NOT send crossdomain.
Think about it when that was possible:
1) Every visit to any site would include your WHOLE set cookies. A waste of
bandwidth
2) sucurity. If ANY site could retrieve all your cookies, then they could
easily hijack your current session to somewhere.
You don't want that.

So: If you want to propagate your cookie to another domain, send it yourself
explicitly.
like (GET):
http://www.otherdomain.com/somescript.php?cookievaluePHPSESSID=sdjkhfjksdahfjkasdhf

(or via POST)

I am not sure what the other site wants to do with the cookie, but that is
the way to send it.

>
> Thanks,


Regards,
Erwin Moller

[Back to original message]