We’re going to have problems keeping cookies across domains. We want
people to shop in one domain (e.g. “booksareus.com”) and then check out
on the same server securely under a different domain (e.g.
“greatbooks.com”). When we make the jump to the secure domain (the
checkout link) can we submit the user’s session ID along with it and
have it ‘stick’ somehow so we don’t lose their cart?
In an app I’m coding currently, I pass the session ID in the URL, as
query parameters. CGI knows how to extract it from the request
instead of the cookies. I don’t know though if a cookie is then sent
along on the subsequent response. Haven’t checked.
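
An added example, not part of any post in this thread: instead of carrying the raw session ID in the checkout URL, where it would land in logs, browser history and Referer headers, the shop domain can issue a single-use, short-lived ticket that the checkout domain exchanges for the session ID. `HandoffStore`, `checkout_url` and the in-memory Hash are hypothetical names and stand-ins, and the sketch assumes both domains reach the same server-side store, as in the same-server setup described in the first post.

```ruby
require "securerandom"

# Added example: one-time handoff tickets for moving a session between two
# domains served by the same application. HandoffStore and its method names
# are hypothetical; the Hash stands in for whatever store both domains share.
class HandoffStore
  TTL_SECONDS = 30 # a ticket only has to survive one redirect

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @tickets = {} # ticket => [session_id, expires_at]
    @lock = Mutex.new
  end

  # Called on the shop domain just before redirecting to checkout.
  # Returns an unguessable ticket to put in the URL instead of the session ID.
  def issue(session_id)
    ticket = SecureRandom.urlsafe_base64(32)
    @lock.synchronize { @tickets[ticket] = [session_id, @clock.call + TTL_SECONDS] }
    ticket
  end

  # Called on the checkout domain. Returns the session ID once, then the
  # ticket is gone; unknown, replayed or expired tickets return nil.
  def redeem(ticket)
    entry = @lock.synchronize { @tickets.delete(ticket.to_s) }
    return nil if entry.nil?

    session_id, expires_at = entry
    @clock.call <= expires_at ? session_id : nil
  end
end

# Build the checkout link; the host is the example name used in the thread.
def checkout_url(store, session_id, host: "greatbooks.com")
  "https://#{host}/checkout?ticket=#{store.issue(session_id)}"
end
```

After a successful `redeem`, the checkout domain sets its own session cookie and redirects to a URL without the ticket.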
Thanks, this is similar to what we ended up doing. We have a simple
little Perl (gasp!) CGI which gets the cookies submitted to it and then
it resets them in the new domain. It’s just too messy to try to do it
within the Rails framework. It tries to create a new session before we
get a chance, a before-filter does a redirect to a login because the
session is apparently empty, etc.
Despite RFCs and cookie domain settings, it seems that some browsers
(cough Firefox) still get very picky about when and who to send
cookies to. It also is likely that security settings would affect how
cookies (and therefore sessions) get passed between domains and
protocols (i.e. http vs https).
Anyways, here’s a version of our CGI for those who might find it
helpful. We call it in the target domain and protocol where it sets the
session and our other cookie, then redirects to $URL: