How do you create a browser cookie that persists to a different domain?
Server1 creates a request to server2. In response, server2 feeds back an html page with the headers
I display the html to the browser via the OutputStream. Also I obtain the response headers and attempt to relay it back to the browser. Here is the relay cookie I'm attempting to create for the next request Note: USER1 is obtained from server2's response
Cookie aCookie1 = new Cookie("_user", USER1); aCookie1.setDomain("188.8.131.52"); //to server2 aCookie1.setPath("/cgi-bin/"); response.addCookie(aCookie1);
The next request will be towards server2 but for some reason the cookie doesn't exist in the request even though I created one for that domain on the response before it.
Please don't ask why I'm going through all this trouble of relaying back and forth between 2 servers. I realize a simple POST method from the browser/html would work just fine, but that couldn't be in this case.
-----------------------------Look at section 4.3.2 of RFC 2109, linked below. It states that a cookie is rejected if the following is true:
- The value for the request-host does not domain-match the Domain attribute.
What that means is that you can't set a cookie for a different domain than is being accessed. NOTE: you _can_ set a cookie that will get sent to all subdomains, ie www.foo.com and secure.foo.com, but you _can't_ set a cookie on a page requested from foo.com to be sent to a server in the bar.com domain.