Cross Domain Cookies and Communication
Fri, 11/27/2009 - 16:17 — nikunj24
Cross Domain Cookies and Communication
Well there are very good articles on the above topics and I have also read and experimented few, thought of sharing jist of how cross domain and cookies and communication work.
Cross Domain Cookies
Well Login into google.com and bang
i.e without loggin out just surf gmail.com or orkut.com or picasaweb.google.com and you do not have to login again, you are already logged in
Thats because google shares cookies across domains
Similar is the case with msn.com, hotmail.com and live.com
Here is the logic behind the scenes
Consider 2 domains as mainDomain.com and otherDomain.com. There can be lots otherDomain.com
If a user views a page at mainDomain.com, a mainDomain.com cookie is stored in the usual way.
If a user views a page X(destination page) at otherDomain.com, the following happens:
The otherDomain.com webserver sees that there is no cookie for otherDomain.com. Instead of displaying the requested page, it issues a redirect to a special page at mainDomain.com, and includes the destination page in the query string (because we want to get back to the destination page eventually).
The special page at mainDomain.com checks if there is already a mainDomain.com cookie. If not, it creates a mainDomain.com cookie. Then, it redirects to a special page a otherDomain.com, and includes two pieces of information in the query string:
1)the destination page (because we still want to get back to it eventually)
2)the cookie data
The special page at otherDomain.com uses the cookie data from the query string to write a otherDomain.com cookie, and then redirects to the destination page.
From this point on, you have a cookie on mainDomain.com, and a replica cookie on otherDomain.com. From now on, the webserver at otherDomain.com can get the local cookie and doesn't need to do the redirects any more.
here are few good links to read more upon Cross Domain Cookies
http://www.15seconds.com/issue/971108.htm
http://answers.google.com/answers/threadview/id/742376.html
http://www.ietf.org/rfc/rfc2109.txt
http://tools.ietf.org/html/rfc2965
Cross Domain Communication
Well instead of me writing on it, there is one good flow image for it on msdn.com and one on facebook.com
.gif)
here are few good links to read more upon Cross Domain Communication
http://msdn.microsoft.com/en-us/library/bb735305.aspx Must Read .. :)
http://wiki.developers.facebook.com/index.php/Cross_Domain_Communication
http://blogs.msdn.com/dthorpe/
http://lists.w3.org/Archives/Public/public-webapi/2006Jun/0012.html
http://www.mail-archive.com/public-webapi@w3.org/msg00341.html
Adios
Till then happy coding...
- nikunj24's blog
- 903 reads
Some Rights Reserved © www.nikunjsoni.com