Easy Cross Domain Cookies (Sharing cookies between domains) April 1
I own several websites that need memberships to post comments, and recently I wanted the ability to have a single login - so once the user is logged into one site they are automatically logged into the others.
Ideally, I could just write the login cookies for both domains from one location, or somehow share the same login cookie between the domains - but you quickly come up against browser security which (for good reason) doesn’t allow this sort of thing.
There are plenty of ways of solving this problem - but this is the simplest I could find. It uses an IFrame to set cookies on the foreign domain.
In the example, you have Domain A which the visitor is currently on, and Domain B, which you want to set cookies on.
Add a page ‘FrameLogin.aspx’ to your Domain B website.
Public Partial Class FrameLogin
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim sUserID As String
HttpContext.Current.Response.AddHeader(”p3p”, “CP=\”"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\”"”)
sUserID = Request.QueryString(”userid”)
Dim oCookie As New HttpCookie(”UserID”)
oCookie.Value = sUserID
oCookie.Expires = DateTime.Now.AddDays(1000)
HttpContext.Current.Response.Cookies.Add(oCookie)
oCookie = Nothing
End Sub
End Class
Note that the p3p header has been added, this is to allow 3rd party cookies.
To call this page, we insert code into the appropriate ‘Login’ function in your Domain A website.
Private Function Login(ByVal sUserName As String, ByVal sPassword As String) As Boolean
Dim iUserID As Integer
iUserID = CheckLoginOKAndGetUserdID(sUserName, sPassword)
If iUserID <> 0 Then
Login = True
Response.Write(”<IFRAME style=’WIDTH:1px;HEIGHT:1px’ src=’http://www.DomainB.com/FrameLogin.aspx’ frameBorder=’0′></IFRAME>”)
Else
Login = False
End If
End Function
Once the cookie has been set on Domain B I can use it to auto-login my visitors when they get there.
Also: For simplicity, I am using an IFrame to call a page. If I wanted faster execution I could substitute an iHttpHandler for the page.
Scott Krutsinger Apr 3
That’s an interesting approach as I’ve ran into this situation before. I must say, this would only work if the userid is the same for all the sites, correct? In other words all sites off a common database wouldn’t be a problem. A unique database for each site could/would have out of sync user id’s.
Gath Apr 3
Hi Scott,
If you wanted to have different UserIDs, you could change the function CheckLoginOKAndGetUserdID so that it returned the UserID for Domain B (ie - CheckLoginOKAndGetDomainBUserID). That way the userid for Domain A and B could be different.
In the example, Domain B is a ’slave’ to Domain A. Logging into domain A will set the login cookie on domain B regardless of what the login details (UserName/Password etc) are for domain B.
Nicolai Apr 24
Hi Gath,
First of all: Great site! Lots of good articles and tricks to get inspired!
I am currently on a project where I need som cross-domain cookie “communication”. Basically the setup is that domain A sets some “default search parameters” in a cookie once the user logs into the site on domain A. Some places in this site (domain A) there are links to another site (domain B) where you can perform some searches. Initially what should happen is that the site on domain B retrieves the “default search parameters” from the cookie, and uses these for the search.
The fun doesn’t stop here though
Once the user performs a different search on the site on domain B, the search parameters he/she used must now be saved in the same cookie (overwritten) so the NEW “default search parameters” also are availble via the cookie in the site on domain A. Does that make sense? I hope so.
So I was wondering if you have some good ideas on how to use/extend your thoughts from your example above to implement this feature?
Thanks,
Nicolai
G4HQ Apr 28
Does this work for forums? I am having a problem with my VB forum? Thanks! Email me if it does, if not dont
Gath Adams ftw