1

I have two domains - abc.com and xyz.com. I have a CNAME that points xyz.com to abc.com. xyz.com sets a cookie nx=true. Given this setup I should be able to read the cookie on abc.com. Here's a sample Java code `enter code here 

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    PrintWriter out = response.getWriter();

    Enumeration<String> h = request.getHeaders("Cookie");
    while (h.hasMoreElements()) {
        out.println("From request.getHeaders(\"Cookie\")-->" + h.nextElement().toString());

    }
        out.flush();
    out.close();

}
Fadi
  • 13
  • 2
  • 4
  • 1
    Looks like you pressed enter before adding the Java code... (and no, cross-domain cookies aren't *supposed* to work even if the two sites are hosted on the same machine - how would shared hosting be secure if it did?) – Adam Mihalcin Apr 05 '12 at 00:07
  • yup I hit send before actually pasting in the code.. – Fadi Apr 05 '12 at 00:11
  • @Fadi Then click edit and fix the question/post ;-) – RobIII Apr 05 '12 at 00:12

1 Answers1

4

The browser doesn't know (or care) wether it's a CNAME, A-record or whatever; all it knows is that it's a different domain and you can't set cross-domain cookies. You might want to check out "How Facebook sets and uses cross-domain cookies" for tips or this SO answer.

It's a whole other ballgame if you had to set a cookie for, for example, the domains abc.foo.com and xyz.foo.com. In that case all you need to do is set the cookie's domain to not include the "subdomain", "hostname", whatever you want to call "abc" and "xyz".

For more information, check out this Wikipedia article.

Community
  • 1
  • 1
RobIII
  • 8,488
  • 2
  • 43
  • 93