CNAME and cookies - 【StackMirror】|java|servlets|cookies|cname

I have two domains - abc.com and xyz.com. I have a CNAME that points xyz.com to abc.com. xyz.com sets a cookie nx=true. Given this setup I should be able to read the cookie on abc.com. Here's a sample Java code `enter code here

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    PrintWriter out = response.getWriter();

    Enumeration<String> h = request.getHeaders("Cookie");
    while (h.hasMoreElements()) {
        out.println("From request.getHeaders(\"Cookie\")-->" + h.nextElement().toString());

    }
        out.flush();
    out.close();

}

2012-04-05 00:05
by Fadi

Looks like you pressed enter before adding the Java code... (and no, cross-domain cookies aren't supposed to work even if the two sites are hosted on the same machine - how would shared hosting be secure if it did? - Adam Mihalcin 2012-04-05 00:07

yup I hit send before actually pasting in the code. - Fadi 2012-04-05 00:11

@Fadi Then click edit and fix the question/post ;- - RobIII 2012-04-05 00:12

The browser doesn't know (or care) wether it's a CNAME, A-record or whatever; all it knows is that it's a different domain and you can't set cross-domain cookies. You might want to check out "How Facebook sets and uses cross-domain cookies" for tips or this SO answer.

It's a whole other ballgame if you had to set a cookie for, for example, the domains abc.foo.com and xyz.foo.com. In that case all you need to do is set the cookie's domain to not include the "subdomain", "hostname", whatever you want to call "abc" and "xyz".

For more information, check out this Wikipedia article.

2012-04-05 00:07
by RobIII