SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Member wza's Avatar
    Join Date
    Jan 2007
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Share cookies between two domains?

    I've got two websites running on both different domains. For trafficmeasurement purposes i'd like to know how many visitors have visited each site, but also how many visitors been on BOTH sites. For that I think I need to be able to read one domain's cookies from the other domain. I know it's not possible to read from another domain, but is it possible to issue cookies so both domains can share em maybe?

    Thnx

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Nope it currently is not possible. Any browser with at least basic security will not allows another site on a different domain see or even use the cookie from another. However the way to get around that is to use an IP address instead of a domain name but that is not such a good idea.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,813
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The only way to do it is to have one of the domains load an iframe containing something from the other domain to set a third party cookie from there. It will then create a shared cookie for the one or two people who have yet to disable third party cookies in their browser.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  4. #4
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    One technique that is used for load balancing could be used in your scenario: After a user logs in on domain A, verify their log-in, create and store a PHP session cookie in a shared database between the two sites - the 'session' database could only be used to store sessions and the two domains could you separate or no databases.

    When the user navigates to domain B - query the stored session in the database and then verify it using the same logic as domain A. In fact the user would not have to log-in to domain B as you would carry over the session. Then just track their whereabouts as you normally do.

    Of course I'm am referring to session cookies instead of client side cookies.

    ServerStorm
    ictus==""

  5. #5
    SitePoint Member wza's Avatar
    Join Date
    Jan 2007
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    One technique that is used for load balancing could be used in your scenario: After a user logs in on domain A, verify their log-in, create and store a PHP session cookie in a shared database between the two sites - the 'session' database could only be used to store sessions and the two domains could you separate or no databases.

    When the user navigates to domain B - query the stored session in the database and then verify it using the same logic as domain A. In fact the user would not have to log-in to domain B as you would carry over the session. Then just track their whereabouts as you normally do.

    Of course I'm am referring to session cookies instead of client side cookies.

    ServerStorm
    I'm not getting this, how could i possibly verify a visitor on either one of the domains without the use of clientside cookies? (I guess I could use visitors IP's, but for measurement that's not going to be very accurate). If you are assuming visitors have logins, that's not correct. These are two public websites, not necessarily linked with eachother.
    Last edited by wza; Mar 27, 2007 at 02:58.

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi WZA,

    If you are not using log-ins then another method does require a client side cookie and it goes like this:
    • create a unique browser identifier by using a cookie to assign a differentiating visitor identifier - like MAC address for an ethernet card.
    • The very first time that the application's URL is requested by a browser, intercepting php code calculates a long (like a MD5) random string - the browser identifier - and assigns it to a permanent cookie in the browser. Set the cookie to expire several years in the future.
    • The intercepting php code also places this the browser identifier, otherwise known as a token, into the newly created PHP session to signify its originator. On all subsequent requests for that session identifier, the value in the cookie is compared to the originator token in the session.
    • This is where centralizing the php session management in a database would be a good thing. You could write the php token code into the central database.
    • When users enter either public site, the application first checks for the persistent cookie, if it exists then it loads the stored session in the db. This session can now be tracked by whatever mechanism you may have in place to read the session on page visits.
    You are right that IPs have limitations as many environments share a gateway ip or have a pool of DHCP allocated IPs, which makes it impossible to track a single user.

    Hope this helps,
    ServerStorm
    ictus==""

  7. #7
    <?php while(!sleep()){code();} G.Schuster's Avatar
    Join Date
    Mar 2007
    Location
    Germany
    Posts
    428
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, ServerStorm - you still have the problem that the cookie can only be rad by the domain that set it.
    For domain B you will hav a newly created cookie with a new magic identifier.

  8. #8
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi G.Schuster,

    Whoops! When I was thinking through this I forgot about the cookie domain lock therefore without a log-in (where the client cookies could be eliminated) and a shared PHP session could be used in site A and B then this approach will not work.

    Sorry

    ServerStorm
    ictus==""

  9. #9
    SitePoint Wizard REMIYA's Avatar
    Join Date
    May 2005
    Posts
    1,351
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    The only way to do it is to have one of the domains load an iframe containing something from the other domain to set a third party cookie from there. It will then create a shared cookie for the one or two people who have yet to disable third party cookies in their browser.
    Yes. You can use iframe from 1st site, that will check cookie and return XML, or javascript response, that you can read from your 2nd site.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •