Cookies & multiple domains with PHP - php

I have a website which creates a cookie and I want to use this cookie in my application on Facebook. Is it possible? If not, any idea how to receive information from my website and pass it to Facebook?

You can't share cookies across domains - just subdomains. That's by design, and important (tm).

Can you have the user log in to your site using Facebook Connect to share a session across the two sites?

Just as Andy said, you can't share cookies across domains and this is an important security feature. Another thing you can't do is make cross-domain AJAX requests.
What's odd about your question is you're asking about a Facebook application. Facebook applications are not hosted by Facebook, so therefore you are hosting the application yourself. Since you are hosting the application yourself, it is possible you're hosting the application on the same server and even domain. Therefore if that is the case, as long as your Facebook application is using an iframe and points to the application hosted on the same domain you can have cookies accessed from both the application and the website. But again, I repeat this is only if your Facebook application is using an iframe and pointing to a domain that is the same as your website.
Tip: If your application or website is a subdomain, make sure to put a dot before your cookie to make it accessible on all subdomains. i.e. .domain.com
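The scoping rule behind the tip above, as an added example that is not part of the original answers: a small model of RFC 6265 domain matching showing which hosts receive a cookie issued with `.domain.com`, and why a foreign domain never does. The cookie name `site_session`, the function names and every host other than `domain.com` are constructed for illustration.

```php
<?php
// RFC 6265 domain-match: $host equals $domain or is a subdomain of it.
function domain_match(string $host, string $domain): bool
{
    $host = strtolower($host);
    $domain = strtolower($domain);
    if ($host === $domain) {
        return true;
    }
    $suffix = '.' . $domain;
    return substr($host, -strlen($suffix)) === $suffix;
}

// Would a browser send this cookie to $requestHost?
// $setByHost issued the Set-Cookie; $domainAttr is its Domain attribute
// (null means a host-only cookie). Public-suffix checks are not modelled.
function cookie_is_sent(string $requestHost, string $setByHost, ?string $domainAttr): bool
{
    if ($domainAttr === null || $domainAttr === '') {
        return strtolower($requestHost) === strtolower($setByHost);
    }
    $domain = ltrim($domainAttr, '.'); // a leading dot is ignored by RFC 6265
    if (!domain_match($setByHost, $domain)) {
        return false; // browsers drop a cookie set for a domain the issuer is not in
    }
    return domain_match($requestHost, $domain);
}

// How the site would issue the shared cookie (PHP 7.3+ options array).
function set_shared_cookie(string $value): bool
{
    return setcookie('site_session', $value, [   // cookie name is constructed
        'domain' => '.domain.com', 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed cases: [request host, issuing host, Domain attribute]
$cases = [
    ['app.domain.com', 'www.domain.com', null],
    ['app.domain.com', 'www.domain.com', '.domain.com'],
    ['domain.com', 'www.domain.com', '.domain.com'],
    ['www.other.example', 'www.domain.com', '.domain.com'],
    ['www.other.example', 'www.domain.com', '.other.example'],
];
foreach ($cases as [$req, $setBy, $attr]) {
    $verdict = cookie_is_sent($req, $setBy, $attr) ? 'sent' : 'not sent';
    printf("%-18s Domain=%-15s %s\n", $req, $attr ?? '(host-only)', $verdict);
}
```

Domain scope is only one gate: a cookie read inside a cross-site iframe also needs `SameSite=None; Secure`, and browsers that block third-party cookies will still withhold it.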

Related

Same webserver, same drupal, same db, single sign on?

I have a webserver with Drupal 7 installed on it.
Many primary domains point to this webserver (e.g. domain1.com, domain2.com) and each domain sees the same website.
But if I log in to one (domain1.com), when I visit domain2.com I'm not logged in.
I know that it is a domain cookie problem, but is there a way to generate the cookie for a list of domains when I register/log in?
Hope that someone can help me.
Here is my module, developed for getting an SSO system working with Drupal and Domain Access.
https://github.com/andreacavattoni/DomainSSO
This is a very good question, and I have done some small research on your question in different ways:
OAuth:
After reading the documentation and going through many service providers, it is not possible. The OAuth service provider gives the consumer key and secret, and they check the request coming from the domain, and thus if the same OAuth consumer key is used on different domain names that doesn't work.
Setting a cookie for multiple domains:
Simply, it is not possible to set the cookie without visiting the domain by any means.
Thus, I can say that it is not possible to set a cookie or use the same consumer key and secret for multiple domains.
Alternative ways:
Use HTML5 Web Storage for storing the information and then accessing the information from different domains is possible.
Use AJAX/CURL for sending the request for setting the cookie for different domains such as example.com/session_cookie.php?info=xxxxx
Maintain a single sub-domain/page for all the domains for login purposes across all the domains.
I think you may want to look at Bakery
Could be of interest: Stack Exchange Blog: Global Network Auto-Login (using HTML5's local storage)

sharing cookies across domains on same host

I'm trying to maintain a web site spread across two domains with the same host (one is actually in a subfolder of the other):
www.a.com -> /.../public_html/
www.b.com -> /.../public_html/b/
I have one script on a.com, let's call it public_html/readcookiedata.php, which reads in some session variables from a cookie. Another script on b.com, let's say public_html/b/index.php, needs to also read this cookie.
Right now index.php tries to require_once('../readcookiedata.php').
This works great if I visit www.a.com/b/index.php: the cookie is read OK.
However, if I browse to there directly, www.b.com/index.php, the cookie isn't read.
What's the best way to fix this problem? Is there a way for a.com to allow b.com to read its cookies? Or some way to configure the host to treat all requests to b.com as if they were for a.com/b/ instead?
No. Cookie security is built into the web at a browser level; browsers literally won't allow you to read data for cookies from other domains on pages served by a different domain.

PHP: working with external cookies

I have a php application that pulls in pages from a separate domain via iframes. These pages are using cookies.
I've noticed some browsers have a default set that blocks any external cookies. This is going to cause quite a problem for me.
I've heard mention of P3P but can't find much mention about how to implement it with cookies.
Any help most appreciated,
Jonesy
It would be extremely bad if you could access an external site's cookies just by embedding it in an iframe. Just imagine if you were able to access facebook.com's session cookie just by embedding it.
Just to clarify what Maerlyn is saying - what you're describing is impossible. The website can only access cookies from its own domain. When you go to facebook.com, your Facebook cookies are sent to that domain. When you go to Google, your Facebook cookies are NOT sent there. There is no way for Google to look at your Facebook cookies. Even if it uses iframes. Period. This is a security feature.
So, I suggest you look at other ways to design your software system. For example, if the website you're embedding has an API, I'd use that. Or do a back-end service synchronization to pull in user information. In any case, you need the consent of the other service / other domain to do this.

How to manage users and access to the different sites in intranet from a main server?

I have more than four sites on my intranet. Now what I want to do is to manage all these sites from the main site. I need to manage that main site which can give access to the users to go to these sites and do the thing that can be done by logging in to the individual sites.
I read about OpenID at this link: http://devzone.zend.com/article/3581
Now I want to know if I can manage this using OpenID, or whether there is any other way to do it.
Any suggestion will be appreciated.
Thanks in advance
I'm not clear what you're wanting. Are you wanting to run numerous sites from a single code base, with unique login mechanisms for each site?
I achieved a similar thing recently. I had a website that was available in different languages, and each language version had its own domain, parked on a single web server. My index.php picked up the domain the code was being accessed from and checked to see if there was a valid login for that particular domain.
This is using something as simple as a cookie or session, as both work on a per-domain basis. Therefore, if I logged on at example.com but then went to example.es, I would be prompted to log in to example.es because I logged on in what was a different domain.
Hope this logic helps you out.

How to seamlessly mix ASP.NET and PHP Web applications

I have two websites, one driven by ASP.NET and the other in PHP. The PHP site is hosted on a relatively inexpensive host provider (unlimited bandwidth and diskspace for $10 a month). The PHP site also provides REST URLs which would help me in monetizing my website.
The other site (the 'main' site, as it were) is an ASP.NET website which houses the login mechanism. My goal is to allow users to log in to the ASP.NET site and then be redirected to the PHP based domain. Is there an easy and feasible solution that accomplishes this?
I have a few questions with regards to that approach:
How would I pass session information and variables from the ASP.NET Application to the PHP based application, to facilitate the aura of 'Single Sign On'?
Would a 'simple' cookie be able to handle this scenario? Or would I need to use encrypted query strings?
There is no 'sensitive' data on these sites, so securing user data isn't a top priority. The site was built 'for fun'.
Are there hosts that allow subdomains to be hosted on a different language platform than the main domain? If I had www.example.com hosted on an ASP.NET server, could I have a subdomain (forum.example.com) hosted on a PHP server? Is this possible?
Any help on this is greatly appreciated.
Although more complex, I would go with the same methodology as the OpenID spec and use the Diffie-Hellman exchange. This allows two parties with no prior trust, to establish a trust for a certain period of time.
Info for PHP
Info for VB.NET
I would go for a cookie if both sites are on the same domain. One advantage of cookies over encrypted strings is that they are automatically passed between requests and you don't have to think about them when building your urls. One downside of cookies is that they can be disabled by users.
Store the sessions in a database and create / use a session-type which is cross-platform. You might have to do it yourself. But you should know that passing sessions etc. between different languages like this can be dangerous (security-wise).
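One way to hand a login from one site to another without sharing cookies, as an added example that is not code from any of the posts: a short-lived, single-use, HMAC-signed token carried in the redirect URL, using a pre-shared key rather than the Diffie-Hellman exchange suggested above. The key, user name, host name and function names are all constructed; the login site would mint the same token format in its own language.

```php
<?php
// Constructed demo key; both sites would load the real one from private config.
const HANDOFF_KEY = 'constructed-demo-key-not-for-production';

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Login site: mint a short-lived token naming the user and the target site.
function issue_token(string $user, string $audience, int $now, int $ttl = 60): string
{
    $claims = ['sub' => $user, 'aud' => $audience, 'exp' => $now + $ttl,
               'jti' => bin2hex(random_bytes(8))];
    $payload = b64url(json_encode($claims));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, HANDOFF_KEY, true));
}

// Receiving site: claims on success, null on rejection. $seen holds token ids
// already redeemed (an in-memory stand-in for a shared store).
function verify_token(string $token, string $audience, int $now, array &$seen): ?array
{
    $parts = explode('.', $token);
    $expected = b64url(hash_hmac('sha256', $parts[0], HANDOFF_KEY, true));
    if (count($parts) !== 2 || !hash_equals($expected, $parts[1])) {
        return null; // malformed, forged or altered
    }
    $claims = json_decode((string) base64_decode(strtr($parts[0], '-_', '+/')), true);
    if (!is_array($claims) || $claims['aud'] !== $audience || $claims['exp'] < $now
        || isset($seen[$claims['jti']])) {
        return null; // wrong site, expired, or replayed
    }
    $seen[$claims['jti']] = true;
    return $claims;
}

// Constructed walk-through with a fixed clock.
$seen = [];
$t0 = 1700000000;
$site = 'php-site.example';
$token = issue_token('alice', $site, $t0);
$results = [
    'valid'    => verify_token($token, $site, $t0 + 10, $seen),
    'replayed' => verify_token($token, $site, $t0 + 20, $seen),
    'tampered' => verify_token(str_replace('.', 'A.', $token), $site, $t0 + 10, $seen),
    'expired'  => verify_token(issue_token('alice', $site, $t0), $site, $t0 + 61, $seen),
];
foreach ($results as $case => $claims) {
    $outcome = $claims === null ? 'rejected' : 'accepted as ' . $claims['sub'];
    echo str_pad($case, 10), $outcome, "\n";
}
```

The token is signed, not encrypted, so it should carry nothing secret and travel over HTTPS only; after verification the receiving site starts its own session and sets its own cookie.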
