I need to share SSO information between two different domains with a cookie, can this be done in PHP and how?
php
cookies
Answers
5
Try using setcookie with a a path specified, this used to catch me out, as it assumes the current path by default. Using / will make the cookie work for the whole domain
setcookie("Username", $username, time()+3600*24*30, '/');
Friday, November 4, 2022
2
<?php
$cookie_name = "test";
$cookie_value = "123";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>
You need to write your php code like this
You can use this script If u can want particular cookie
<script>
function getCookie(cname) {
var name = cname + "=";
var ca = document.cookie.split(';');
for(var i=0; i<ca.length; i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1);
if (c.indexOf(name) == 0) return c.substring(name.length,c.length);
}
return "";
}
console.log(getCookie('test'));
<script>
Monday, December 5, 2022
5
Okay, I found out after reading on the Mozilla Developer Network a bit more and trying out the credentials option.
Looks like the credentials option is what I should have looked for.
fetch('/something', { credentials: 'same-origin' }) // or 'include'
Will send the cookies.
Thursday, August 4, 2022
4
The answer is to use --header="Cookie: --COOKIE_DATA--" (ref. wiki.wsmoak.net/cgi-bin/wiki.pl?Siege).
Monday, November 7, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
php
cookies
On both domains, place an image or other web element that is pulled from the other domain. Use the URL to notify the other domain that user X is on domain A, and let domain B associate that user ID with that user on their system.
It's a little complex to carry out correctly, but if you think it through it'll work out very well.
Vinko points out in a comment (thanks!) that I shouldn't take it for granted that you understand the security risks involved. If this information is of any value to anyone, then you should make sure you use proper encryption, authentication, etc to avoid releasing sensitive information and to avoid various attacks (replay, man in the middle, etc). This shouldn't be too onerous since you control both websites and you can select a secure secret key for both, since the communication is only going between the two servers via this special URL. Keep it in mind though.
-Adam