Dennis G

Reputation: 21788

IE: How to handle cross-domain cookies?

My main Site (hostsite) has an IFRAME with a registration site (regsite) hosted on a different domain.

I want to host the registration on a different domain, because I feel storing the DB login information on hostsite is not safe as many people have access to the backend.

All browsers accept the login session cookie coming from regsite; Internet Explorer 8 does not. The only way to make IE accept this cookie is by adding both sites to "Trusted Sites", which is not what I want.

Is there any way I can work around the cross-domain issue besides a local browser setting or is my only option to move the registration to hostsite (curl is not an option as it's not static HTML I'm displaying on the registration site, but PHP files)?

Upvotes: 1

Views: 3909

Answers (2)

kikito

Reputation: 52698

I think this can be solved without moving anything, and with little programming, just with some DNS rules.

For example, you can create a new subdomain called register.hostsite(.com) pointing to the IP where regsite is.

Then re-direct the IFRAME to that new subdomain.

It will get the same bits from the same server, but now it will be inside hostsite's domain.

That should (at least in theory) be enough to satisfy IE. I'm not 100% sure though, I haven't used IFRAMES in a long time.

If that doesn't work, I'd suggest asking on Server Fault, too.

EDIT: I was looking into another issue and found this 'micro-proxy' PHP implementation by Yahoo. It's their recommended way of resolving this kind of issue:

http://developer.yahoo.com/javascript/samples/proxy/php_proxy_simple.txt

Upvotes: 4

Sean Kinsey

Reputation: 38046

The problem with the iframe and IE is that IE considers the iframe's content as third-party (as in advertisements, etc.).

To have IE actually store the cookies set by this domain's document, you need to have the other domain emit a P3P header stating its intentions. This is easy to do and requires only a single HTTP header to be added.

I'm not sure what you mean by cross-domain issues though, as there are none - you simply have two different documents from two different domains. You have not stated whether you are trying to have one domain set cookies for the other, or one page access the other.

Upvotes: 2
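An added example, not code from either answer: a small header audit that checks a framed response for the two conditions the answers turn on, a third-party `Set-Cookie` sent without a P3P compact policy, and, for the subdomain approach, a cookie whose `Domain` attribute widens it to the parent domain so that it is also sent to the host site the registration was meant to be isolated from. The function names and the `.example` hostnames are constructed, and the registrable domain is approximated as the last two labels.

```python
from http.cookies import SimpleCookie

NO_P3P = "third-party cookie without P3P compact policy"
PARENT_SCOPE = "cookie scoped to parent domain, also sent to host site"

def site(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: no multi-part suffixes such as .co.uk (real code
    would consult the public suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_framed_response(top_host, frame_host, headers):
    """Return (cookie_name, finding) pairs for one response from the framed site.
    headers is a list of (name, value) pairs as received."""
    findings = []
    third_party = site(top_host) != site(frame_host)
    # IE looks for a compact policy (CP="...") in the P3P response header.
    has_cp = any(n.lower() == "p3p" and "cp=" in v.lower() for n, v in headers)
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            if third_party and not has_cp:
                findings.append((key, NO_P3P))
            domain = morsel["domain"].lstrip(".").lower()
            # A Domain attribute equal to the parent domain shares the cookie
            # with the host site and every sibling subdomain.
            if domain and domain == site(top_host) and frame_host.lower() != domain:
                findings.append((key, PARENT_SCOPE))
    return findings

if __name__ == "__main__":
    # Constructed sample responses; the P3P value is a placeholder, not a real policy.
    session = ("Set-Cookie", "PHPSESSID=abc123; path=/; HttpOnly")
    wide = ("Set-Cookie", "PHPSESSID=abc123; path=/; Domain=.hostsite.example")
    p3p = ("P3P", 'CP="PLACEHOLDER_TOKENS"')
    cases = [
        ("www.hostsite.example", "www.regsite.example", [session]),
        ("www.hostsite.example", "www.regsite.example", [p3p, session]),
        ("www.hostsite.example", "register.hostsite.example", [wide]),
        ("www.hostsite.example", "register.hostsite.example", [session]),
    ]
    for top, frame, hdrs in cases:
        print(top, frame, audit_framed_response(top, frame, hdrs))
```

A compact policy is a statement about how the site handles data, so the tokens sent in the real header should describe regsite's actual practices.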
