Implement cross-domain Cookie

Cookie is a great invention that allows web developers to retain the logon status of their users. However, problems may occur when your site or network has more than one domain name. In terms of Cookie specification, a cookie can only be used for one domain name and cannot be sent to other domain names. Therefore, if a cookie is set for a domain name in the browser, the cook Cookie

Cookie is a great invention that allows web developers to retain the logon status of their users. However, when your site or network
If there is more than one domain name, the problem may occur.

In terms of Cookie specification, a cookie can only be used for one domain name and cannot be sent to other domain names. Therefore, if a cookie is set for a domain name in the browser, the cookie will be invalid for other domain names. If you want your users to log on from one of your sites, you can also log on to other domain names, which is really a big challenge.

My solution will use the following general framework:

A preset script will be used to accept the sessionid passed through the GET or COOKIE method. It will give priority to GET than COOKIE
Variable. Therefore, whenever cross-domain names need to be referenced, sessionid is sent as a URL parameter. Modify Apache configuration to rewrite all cross-domain cookies. The reason for doing so will be clear later. Use variables when a cross domain name is referenced at any time.

Step 1: Create a preset script
Add the following code to the preset script (or appear in the function before all scripts ).

/* Supports cross-domain cookie ...*/

// If The GET variable has been set and is different from the cookie variable
// Use the get variable to update the cookie)
Global $ HTTP_COOKIE_VARS, $ HTTP_GET_VARS;
If (isset ($ sessionid) & isset ($ HTTP_GET_VARS ['sessionid']) & ($ HTTP_COOKIE_VARS ['sessionid']! = $ HTTP_GET_VARS ['sessionid']) {
SetCookie ('sessionid', $ HTTP_GET_VARS ['sessionid'], 0 ,'/','');
$ HTTP_COOKIE_VARS ['sessionid'] = $ HTTP_GET_VARS ['sessionid'];
$ Sessionid = $ HTTP_GET_VARS ['sessionid'];
}
?>

Once the code is run, a global 'sessionid' variable can be used in the script. It will save
Sessionid value, or the sessionid value sent through the GET request.


Step 2: Use variables for all cross-domain reference
Create a global configuration file to store the basic reference form of domain names that can be switched. For example, if we have
Domain1.com and domain2.com are set as follows:

$ Domains ['domain1'] = "http://www.domain1.com/-?sessionid -";
$ Domains ['domain2'] = "http://www.domain2.com/-?sessionid -";
?>

Now, if you do the following in the code:

Echo "Click <a href =" ", $ domains ['domain2'],"/contact /? Email = yes "> here </a> to contact us .";
?>

You will generate the following output:

Click here
To contact us.

Here, sessionid has been inserted into the URL.

In this place, you may think, "This may open the sub-directory named horizontal line, sessionid, and horizontal line on the web server ?!?!? ".
However, the following steps provide a required trick for it to use!


Step 3: Configure Apache
Now, the remaining step is to configure apache to rewrite this URL:

Http://www.domain2.com/-66543afe6543asdf6asd-/contact/
The result is as follows:

Http://www.domain2.com/contact? Sessionid = 66543afe6543asdf6asd
And this url:

Http://www.domain2.com/-66543afe6543asdf6asd-/contact? Email = yes
The result is as follows:

Http://www.domain2.com/contact? Email = yes & sessionid = 66543afe6543asdf6asd
To implement it, simply configure two virtual servers as domain1 and domain2. the following operations are performed:


DocumentRoot/usr/local/www/domain1
ServerName www.domain1.com
RewriteEngine on
RewriteRule ^ /-(.*)-(.*?. *) $ & Sessionid = [L, R, QSA]
RewriteRule ^/-(. *)-(. *) $? Sessionid = [L, R, QSA]



DocumentRoot/usr/local/www/domain2
ServerName www.domain2.com
RewriteEngine on
RewriteRule ^ /-(.*)-(.*?. *) $ & Sessionid = [L, R, QSA]
RewriteRule ^/-(. *)-(. *) $? Sessionid = [L, R, QSA]


These rewrite rules meet the requirements for rewriting the above two URLs.

Conclusion
By combining variables with the rewrite function of apache, cross-domain cookie can be implemented in a simple way. To maintain such
The system does not need to do anything except when cross-domain names are linked or when domain name variables are used! Links within the domain name do not need to be performed
Because the cookie will work normally.

If you are interested in viewing the systems in the production network, visit http://www.familyhealth.com.au /. In
Move your mouse over some cross-domain links and see how they are overwritten after you click.

Maybe the only problem with using this technology is that the cookie under all domain names in the user's browser cannot be deleted.