Forum Discussion

Robert_47833's avatar
Robert_47833
Icon for Altostratus rankAltostratus
Apr 16, 2013

how to insert cookie for 2 domains

 

in HTTP::response event HTTP::cookie insert name "test" value "00" path "/" domain "x.com"

besides this,I also want this cookie "test" be set in domain "xy.com"

 

is the second cookie test is based on session,there is no session for it(new domain),what will happen?

 

 

per my understanding,session based cookie is for the exact session which get this cookie

 

if there is a cookie for a new domain,how to understand this session based cookie?

 

 

1:for example domain is .xy.com

 

I got this cookie from 1.xy.com,what will happend if I visit 2.xy.com?

 

or

 

2:I got this cookie test xy.com domain,but the session for I got it is (my laptop -------- 1.x.com)

 

3:even I use

 

HTTP::cookie insert name "test" value "1" path "/" domain "x.com"

 

HTTP::cookie insert name "test1" value "1" path "/" domain "xy.com"

 

it seems when trying to visit 1.xy.com,cookie is not included in http request header

 

thx in advance

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 16, 2013
    Hi Robbie,

     

     

    By design, one web service can't set a cookie for a different domain. See these wiki pages for details:

     

     

    http://en.wikipedia.org/wiki/Same_origin_policy

     

    http://en.wikipedia.org/wiki/HTTP_cookie

     

     

    Do you own both domains? If so, you could potentially use an HTTP redirect to force the client to make a request to xy.com after they make a request to x.com:

     

     

    HTTP::respond 302 Location "http://site2.xy.com/index.html" Set-Cookie "my_cookie_name=my_cookie_value; Domain=.x.com; Path=/"

     

     

    This would send a 302 redirect to an xy.com subdomain with a cookie set for x.com.

     

     

    Aaron
  • Robert_47833's avatar
    Robert_47833
    Icon for Altostratus rankAltostratus
    Apr 16, 2013

    hi,Aaron

     

    great to see your reply

     

    yes,I just found this ,for security reason,it is not allowed

     

    yes,I own both domains.

     

    all I want to do is ,let broswer or client cache cookie for xy.com when I visit x.com domain. and carry this cookie when hit xy.com(or whatever header which can act simliar as cookie)

     

    reriect to xy.com page is not expected behavior.

     

     

    I will try your solution,but ,http::redirect will redirect user brosswer to another page,is it?

     

     

    seems I need to do steps below:

     

    1:

     

     

    when HTTP_RESPONSE {

     

    HTTP::respond 302 Location "http://site2.xy.com/index.html"

     

    HTTP::cookie insert name xxxx

     

    }

     

    right?

     

    2:set cookie for xy.com in its irule which applied to site2.xy.com,right?

     

    3:would u kindly help me to understand session cookie,for example.when I hit 1.x.com ,cookie x.com is saved,if I hit 2.x.com,it is totally a different session

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 16, 2013
    Sorry for not completing the thought. The HTTP::respond command would be used on the x.com virtual server to send a redirect to xy.com and set a cookie for x.com. You'd want to use a specific URI in the redirect and probably set a session ID in a parameter value:

     

     

    HTTP::respond 302 Location "http://site2.xy.com/set_session?sessionid=abcd" Set-Cookie "my_cookie_name=my_cookie_value; Domain=.x.com; Path=/"

     

     

    On the xy.com virtual server you'd want to check for requests to /set_session and parse the sessionid parameter value. You could then set a cookie on the xy.com domain with the same value. You could then redirect the client back to the original x.com subdomain with the client then having two separate sessionid cookies set to the same value.

     

     

    Does that make more sense?

     

     

    Aaron
  • Robert_47833's avatar
    Robert_47833
    Icon for Altostratus rankAltostratus
    Apr 16, 2013
    wooo,great thx,Aaron

     

    you always have solution

     

     

    so in HTTP::request event,x.com irule redirect client to xy.com with cookie set for x.com ,then in xy.com irule HTTP::request event,it redirect it back to x.com with cookie set for xy.com.

     

    once this is done,request with cookie set goes to normal process,right?