1

Have a question on sessions, heres the scenario I am facing,

User hits site scraper.com and makes a request, this triggers web server of scraper.com to initiate a session on "parent.com", the web server makes multiple POSTs and GETs to parent.com and arrives at a checkout page. Now the web server of scraper.com wants the user's browser to load the checkout page of "parent.com", the same checkout page which scraper reached through the session it initiated. In order to do this the user's browser should hit parent.com with the same session id as the one that scraper's web server has, this I think can't be done as cross domain cookies are not allowed.

This is very similar to doing a search on kayak.com and when the user selects a flight from Delta Airlines the checkout page of delta.com loads.

How can this be implemented? Is it possible to implement this with the co-operation of parent.com or in above example delta.com?

If scraper and parent are having an agreement what exactly should parent support for the scraper domain to make requests like above possible?

I hope I did not complicate the description, please let me know. Any responses would be very much appreciated.

Cheers

DisappointedByUnaccountableMod
  • 6,656
  • 4
  • 18
  • 22
konkani
  • 488
  • 1
  • 7
  • 15

1 Answers1

0

I've been programming for about 10 months now. While creating a large scale application to make user's lives easier for a particular travel company that doesn't do multi-hop trip planning I ran into the same problem. They use ASPX so I've had to successfully determine the _EVENTTARGET that invokes the proper _doPostBack (If you've never messed with ASP, it's annoying like that). Anyhow, I get everything done, the algorithms written, and the emulated browser to successfully add items to a checkout basket only to realize what I learned early on in my programming career. Though shalt never assign cookies to a domain though dost not own. Lol. What ever happened with this?

madman2890
  • 1,882
  • 2
  • 16
  • 16