bear0053 has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to create a cookie that will be accessed by potentially 2 different sites that must both be able to read and/or set the values. Ex: www.site1.com drops cookie 
 my $cookie_object=cookie(-name => 'cookiename',
            -value => {key1 => val1, key2 => val2, key3   => val3},
            -domain => '.site1.com, .site2.com'
             );
print "Set-Cookie: $cookie_object\n";

[download]
at some other point now www.site2.com will need to grab the value from the cookie and make mods, but i cannot figure out how to allow a cookie dropped by one domain to be accessible to other domains besides the one that created it. All help would be much appreciated, thanks in advance

Replies are listed 'Best First'.
Re: multiple domain cookie
by waswas-fng (Curate) on Oct 20, 2003 at 19:09 UTC
    You can't all of the current web browsers disallow cross security site cookie meddling. The only way this will work is if you have both sites be on the same domain. then you set the cookie for the domain not the hostname. If both sites must be on different domains yo will need to bridge the sites with a session encoded in the URL.


    -Waswas
[reply]
      what do you mean by session encoded in the url?
[reply]

        Instead of sending the data in the cookie, save the data to a database with a randomly generated session ID (I usually use Data::UUID for this). The ID is simply put into the URL string, e.g.:

        http://www.example.com/your_program.cgi?id=abcdefg

        [download]

        When the CGI runs, it grabs the session ID value off the parameter list and get's the saved data from the database. If the user is using a form, you can put the ID in a hidden field instead.

        You should be using this method even if you use cookies instead (by putting the session ID as the cookie value). I've rarely seen a good excuse for not doing so besides sloppy coding.

        There are various modules for helping you do this. I've heard of CGI::Session before, but I've never used it, so I won't comment on it.

        ----
        I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
        -- Schemer

        :(){ :|:&};:

        Note: All code is untested, unless otherwise stated

[reply]
[d/l]
[select]
Re: multiple domain cookie
by traveler (Parson) on Oct 20, 2003 at 20:01 UTC
    waswas-fng is correct, you cannot. One trick is to get site1 to send the cookie by having it display an image, say, from site2. (Then site2 actually sends the cookie.) You can even pass params to images if necessary! Consider: <img src="http://www.site2.com/images/foo.png?from=site1">

    Of course, the image could be a 1x1 pixel image...

    --traveler

[reply]
[d/l]
      This is called a third party cookie and is disallowed under the default IE6 privacy rules. This will impact your use of cookies as a method of passing information across domains.

      If I view the IE6 privacy report for this very site I can see that there are a few cookies that have been blocked.

      inman

[reply]
Re: multiple domain cookie
by bear0053 (Hermit) on Oct 20, 2003 at 21:16 UTC
    thanks i got it
[reply]

Back to Seekers of Perl Wisdom