1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 2:04 am May 21, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Including data with same domain, but different IP

         

csdude55

7:10 pm on Jan 25, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm working with a third party company that will supply content for my site through a subdomain on my domain, but I'll be linking to their IP. They have to rebuild my header and footer on their end to make it somewhat seamless, but it's not perfect because the dynamic data in my header (unique to the logged in user) will be lost.

The rep I'm working with isn't a techy, so we're in a back and forth of me asking him if they can do something, then he has to go to the tech team and come back to me a few days later. I'm hoping to bypass that if you guys and gals can help me come up with a better solution.

So. If I set a cookie on my main page, then there's a subdomain pointing to a different IP, would they be able to include an Ajax script or IFRAME from the main domain that could read that cookie?

Meaning, the user goes to www.example.com, logs in, and I set a cookie with their username. Then they go to foo.example.com that's technically on a different server; could foo.example.com include an IFRAME or Ajax from www.example.com that reads the cookie that was set on www.example.com?

phranque

8:04 pm on Jan 25, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



in this case the cookie must be on the example.com hostname.

csdude55

8:09 pm on Jan 25, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You mean, when I set the cookie? eg, Set-Cookie: name=value; domain=example.com?

I'm pretty sure that USED to work (although I haven't had to worry about it in a long time), but with Chrome cracking down on third party cookies I wasn't sure if that was still true.

phranque

9:30 pm on Jan 25, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



"third-party cookies" implies other domains, not other hostnames on the same domain.

Dimitri

10:57 pm on Jan 25, 2021 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



a third party company that will supply content for my site through a subdomain on my domain, but I'll be linking to their IP.

On my scale of bad ideas, this one ranks on top.

[webmasterworld.com...]
[searchengineland.com...]
[searchengineland.com...]

No matter if they are paying you, if you are paying them, if this is (supposedly) mutually profitable. you will get problems, at some point or another.

Just saying.

phranque

11:54 pm on Jan 25, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



more on cookies from the IETF RFC document "HTTP State Management Mechanism" (RFC 6265 - April 2011):
4.1.2.3. The Domain Attribute

The Domain attribute specifies those hosts to which the cookie will
be sent. For example, if the value of the Domain attribute is
"example.com", the user agent will include the cookie in the Cookie
header when making HTTP requests to example.com, www.example.com, and
www.corp.example.com.
...
The user agent will reject cookies unless the Domain attribute
specifies a scope for the cookie that would include the origin
server. For example, the user agent will accept a cookie with a
Domain attribute of "example.com" or of "foo.example.com" from
foo.example.com, but the user agent will not accept a cookie with a
Domain attribute of "bar.example.com" or of "baz.foo.example.com".

source: https://tools.ietf.org/html/rfc6265#section-4.1.2.3
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Webmaster General 2:04 am May 21, 2026