I know browsers block cross domain cookies for security reasons. I'm wondering if there is a way around it? I have a WP website and also a url shortener, the URL shortener does some tracking by grabbing the WP username from the cookie, if it is set.
I've moved my url shortener to a new short domain and obviously the tracking system has stopped grabbing the username from the cookie. Is there any way I can reintroduce this functionality?
Cross domain can be allowed by the header Access-Control-Allow-Origin: *.
But you cannot share cookies through domains.
An alternative solution from this SO anwser:
You could do something like this:
- centrilize all cokies in a single domain, let's say cookiemaker.com
- when the user makes a request to example.com you redirect him to cookimaker.com
- cookiemaker.com redirects him back to example.com with the information you need
Of course, it's not completelly secure, and you have to create some kind of internal protocol between your apps to do that.