CODEWITHSUNDEEP
phpcurlcookiescross-domainsetcookie
D Singh
D Singh

Reputation: 295

How to set cross domain cookies though curl or any method?

I have two website. I want to set the cookies by curl request on another domain.

I am making curl request from my first website. Here are code structure: 

$url = 'http://www.secondwebsite.com/ext/access/api/manage.php';
$data = array('id' => '23',
    "firstname" => "First name",
    "lastname" => "last name",
    "email" => "[email protected]",
    'username' => 'username',
    'password' => 'password123',
    'action' => 'add',
    'authkey' => '12345tgtgtt');
$ch = curl_init($url);
$data_string = urlencode(json_encode($data));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array("customer" => $data_string));

$result = curl_exec($ch);
curl_close($ch);    
$result = json_decode($result);

manage.php (Code structure)

setcookie('username', $_POST['username'], time() + (86400 * 30), "/"); // 86400 = 1 day
setcookie('password', $_POST['password'], time() + (86400 * 30), "/"); // 86400 = 1 day

But cookies is not set for www.secondwebsite.com. Is there any other method to set the cross domain cookies? Actually i want to develop SSO(Single sign on) functionality between both website. I want if any user login on firstwebsite.com then user will be automatically login on secondwebsite.com.

Is there any approach for SSO functionality in php? Please share..

Upvotes: 3

Views: 3677

Answers (2)

Sakthikanth
Sakthikanth

Reputation: 139

You can use Access-Control method in php for Enable Cookie and Session across cross domain.

Save this code into a php file

header("Access-Control-Allow-Origin: http://example.com");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Methods: GET, POST,OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, *");

Then You have to request this file via ajax request .

$.ajax(..... 

    crossDomain: true,
            xhrFields: {
              withCredentials: true
            },
...);

The Cookies and Session of reqested domain will be controlled from your requesting domain.And The Cookie and session data will also be in your same browser...

Upvotes: 0

Szymon Sadło
Szymon Sadło

Reputation: 91

You cannot share cookies between domains. Imagine session stealing and other stuff like that.

There are plenty sites about creating SSO e.g. http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/ This is the first one from google.

Upvotes: 3

Related Questions