Cross-domain-cookies - a maybe new idea

Question

My buddy Carsten Lau came along with an interesting idea on how to read cross-domain-cookies.

Situation: You want to read a cookie from domain \"A\" that was set on

Answer 1

I put together an NPM package to help with cross-domain cookie/localStorage usage. I know this post is a bit old, but I thought I'd share, in case anyone else needs help with this:

• https://www.npmjs.com/package/cookie-toss

By using an iframe hosted on Domain A, you can store all of your user data on Domain A, and reference that data by posting requests to the Domain A iframe.

Thus, Domains B, C, etc. can inject the iframe and post requests to it to store and access the desired data. Domain A becomes the hub for all shared data.

With a domain whitelist inside of Domain A, you can ensure only your dependent sites can access the data on Domain A.

The trick is to have the code inside of the iframe on Domain A which is able to recognize which data is being requested. The README in the above NPM module goes more in depth into the procedure.

Hope this helps!

Answer 2

This is normal, because you have control of the 2 domains. This is how most websites achieve cross domain single-sign-on by the way. But if you do not have control of the second domain you cannot read cookies from it.