Reputation: 11
Goal: Post link on site A, lead to PHP on site B, log cookie on site A.
Site B:
<?php
session_start();
$cookie = $_COOKIE['PHPSESSID'];
file_put_contents("cookie.txt", $cookie . "\n", FILE_APPEND);
?>
Currently I'm only receiving the cookies from site B where the PHP resides.
Upvotes: 1
Views: 45
Reputation: 40653
PHP is server-side. Cookies are set client-side. There are very strict rules that proper web browsers need to abide by when it comes to dealing with cookies. Specifically section 5.4:
5.4. The Cookie Header
The user agent MUST use an algorithm equivalent to the following algorithm to compute the "cookie-string" from a cookie store and a request-uri:
- Let cookie-list be the set of cookies from the cookie store that meets all of the following requirements:
  * Either:
      The cookie's host-only-flag is true and the canonicalized request-host is identical to the cookie's domain.
    Or:
      The cookie's host-only-flag is false and the canonicalized request-host domain-matches the cookie's domain.
  * The request-uri's path path-matches the cookie's path.
  * If the cookie's secure-only-flag is true, then the request-uri's scheme must denote a "secure" protocol (as defined by the user agent).
  * If the cookie's http-only-flag is true, then exclude the cookie if the cookie-string is being generated for a "non-HTTP" API (as defined by the user agent).
[There are more criteria, but they're not relevant here]
What this means is that a user agent will not send a cookie to Site B unless Site B is the one that actually set that cookie or Site A sets that cookie to be accessible by Site B.
In short, you can't read cookies set by other sites unless they let you or you're exploiting browser vulnerabilities (which is very naughty).
Upvotes: 1
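The selection rules quoted in the answer above (they are section 5.4 of RFC 6265), as an added example that is not part of the original question or answer: a simplified JavaScript model of how a user agent builds the Cookie header, showing why the session cookie of site A never reaches a script on site B. The host names `site-a.example` and `site-b.example`, the path `/log.php` and all cookie values are constructed assumptions; expiry, cookie ordering and later additions such as SameSite are left out.

```javascript
// Added example: RFC 6265 section 5.4 cookie selection, simplified.
// Host names, the /log.php path and cookie values are constructed for illustration.

// Section 5.1.3: the host equals the cookie domain, or ends with "." + domain
// and is a host name rather than an IP address.
function domainMatches(host, domain) {
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Section 5.1.4: the cookie path equals the request path,
// or is a prefix of it that ends at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Section 5.4: compute the cookie-string for one request.
// httpApi is false when a "non-HTTP" API (such as script access) asks for it.
function cookieString(store, requestUrl, { httpApi = true } = {}) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  return store
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
    .filter((c) => pathMatches(url.pathname, c.path))
    .filter((c) => !c.secureOnly || url.protocol === "https:")
    .filter((c) => !c.httpOnly || httpApi)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed cookie store of one browser that has visited both sites.
const store = [
  { name: "PHPSESSID", value: "sessionA", domain: "site-a.example", hostOnly: true,
    path: "/", secureOnly: true, httpOnly: true },
  { name: "PHPSESSID", value: "sessionB", domain: "site-b.example", hostOnly: true,
    path: "/", secureOnly: false, httpOnly: false },
  { name: "prefs", value: "dark", domain: "site-a.example", hostOnly: false,
    path: "/", secureOnly: false, httpOnly: false },
];

// Following a link from site A to site B sends only site B's own cookie.
console.log(cookieString(store, "http://site-b.example/log.php"));
console.log(cookieString(store, "https://site-a.example/account"));
```

The first call returns only site B's own `PHPSESSID`, which matches what the question observed; marking site A's session cookie host-only, Secure and HttpOnly, as in the constructed store, further keeps it off plain-HTTP requests and out of script access.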