Implementing a cross Domain cookie

Source: Internet
Author: User
Tags implement log variables reference variable domain domain name
Cookie cookies are a great invention that allows web developers to keep their users ' login status. However, when your site or network
There is a problem when you have more than one domain name.

In the cookie specification, a cookie can be used only for one domain name and not for other domain names. Therefore, if you are in the browser
A domain name is set up with a cookie that is not valid for other domain names. If you want to get your users from one of your sites
One to log in, but also to log on to other domains, which is really a big problem.

My solution will use the following general framework:

A preset script is used to accept SessionID numbers passed through a GET or cookie. It will take precedence over cookies to select get
Variable. So whenever we need to refer to the cross domain name, we send SessionID as a URL parameter.
Modifies the Apache configuration to implement a cookie that overrides all cross domain names. The reason for this will be clear in a moment.
Use variables at any time when a cross domain reference is present.
First step: Create a preset script
Add the following code to the Out-of-the-box script (or to a function that appears before all the scripts).


/* Support cross Domain cookie ... * *

If the get variable is already set, and it is different from the cookie variable
You use a Get variable (update cookie)
Global $HTTP _cookie_vars, $HTTP _get_vars;
if (Isset ($sessionid) && isset ($HTTP _get_vars[' SessionID ']) && ($HTTP _cookie_vars[' SessionID ']!= $ http_get_vars[' SessionID ']) {
Setcookie (' SessionID ', $HTTP _get_vars[' SessionID '], 0, '/', ');
$HTTP _cookie_vars[' sessionid '] = $HTTP _get_vars[' SessionID '];
$sessionid = $HTTP _get_vars[' SessionID '];


Once this code is run, a global ' sessionid ' variable will be available for scripting. It will be saved in the user's cookie
SessionID value, or a SessionID value that is sent through a GET request.

Step two: Use variables for all cross domain references
Create a global configuration file that holds the basic reference form for domain names that can be toggled. For example, if we have and, the following settings are:


$domains [' domain1 '] = "$sessionid-";
$domains [' domain2 '] = "$sessionid-";


Now, if you do the following in your code:


echo "Click <a href=\", $domains [' domain2 '], "/contact/?email=yes\" >here</a> to contact us. "

You will produce the following output:

Click <a href= "Http://\" >here</a>
To contact us.

Here SessionID has been inserted into the URL.

In this place, you might think, "this might open a subdirectory on the Web server named horizontal, SessionID, horizontal?!?!?."
However, the steps below will provide a necessary trick to make it work!

Step Three: Configure Apache
Now, the next step is to configure Apache to rewrite the URL:
Become this:

And this URL:

Become this:

To implement it, simply configure two virtual servers as domain1 and Domain2, as follows:

<virtualhost ipaddress>
Rewriteengine on
Rewriterule ^/-(. *)-(. *\?). *) $ $2&sessionid=$1 [L,R,QSA]
Rewriterule ^/-(. *)-(. *) $ $2?sessionid=$1 [L,R,QSA]

<virtualhost ipaddress>
Rewriteengine on
Rewriterule ^/-(. *)-(. *\?). *) $ $2&sessionid=$1 [L,R,QSA]
Rewriterule ^/-(. *)-(. *) $ $2?sessionid=$1 [L,R,QSA]

These overridden rules implement the requirements of the above two URL overrides.

Cross-domain cookies can be implemented in a simple way by using variable binding with Apache rewrite capabilities. Want to maintain such a
System, no matter when the link cross domain name, in the use of domain name variables, nothing to do! Links within the domain name are not required
Modified, because cookies will work properly.

If you are interested in looking at the actual operating system in the production network, please visit In
Move your mouse over some cross domain links and see how they are rewritten when you click.

Perhaps the only problem with this technique is that you cannot delete cookies under all the domain names in the user's browser.

Related Article

Alibaba Cloud 10 Year Anniversary

With You, We are Shaping a Digital World, 2009-2019

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.