Hi all,
I've got a dilemma. I have siteA.com and I'm working with (but do not own or have access to their server, etc.) siteB.com. siteB.com is NOT a subdomain of siteA.com.
I've been asked to provide a link, after signing in to siteA.com, that would take the user to siteB.com. The users' "signin" information that is set via a cookie on siteA.com is supposed to be accessible to the pages/scripts on the server for siteB.com. I was told that cookies could be used, that the pages on siteB.com could just "read" the "encrypted" cookie information if they (siteB.com) were given the "decryption" method on how the cookie was created (i.e. the name/value pairs).
I stated that siteB.com could not read (without some hacking method) the cookies set by siteA.com, that cookies were "site specific", therefore the 2nd site...siteB.com cannot be expected to read siteA.com's cookie information. etc etc etc.
The group that I was basically in contention with regarding this stated, hey...what about ebay.com and paypal.com. When you log into ebay.com and click on over to paypal.com....paypal.com has your cart and other information from ebay.com. It's cookies! I said, no, that I thought paypal.com was probably stacked on ebay.com (i.e. a subdomain) since ebay owns paypal and that is how they are sharing information between those domains. Or that perhaps they are using LDAP.
Bottom line, can anyone point me to some cookie documentation or state that there is no way (aside from a hack) that siteB.com could ever read cookies set by siteA.com?
Long-winded I know, but I wanted to set the stage a bit.
Thanks!
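
Added example, not part of the original post: a simplified JavaScript model of the cookie scoping rules in RFC 6265 (sections 5.1.3 and 5.3), using the siteA.com/siteB.com names from the question. The host names `www.siteA.com`, `shop.siteA.com`, `www.siteB.com` and the cookie `session=abc123` are constructed sample values, and the helper names are hypothetical.

```javascript
// Simplified model of RFC 6265 cookie scoping. Not modelled here:
// public-suffix rejection, Path, Secure, SameSite, expiry.

// RFC 6265 5.1.3: host domain-matches cookieDomain when they are equal, or
// when host ends with "." + cookieDomain and host is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  const isIPv6 = host.includes(":");
  if (isIPv4 || isIPv6) return false;
  return host.endsWith("." + cookieDomain);
}

// RFC 6265 5.3: decide whether a Set-Cookie from responseHost is stored.
// Returns the stored record, or null when the browser ignores the cookie.
function storeCookie(responseHost, name, value, domainAttr) {
  if (domainAttr === undefined || domainAttr === "") {
    // No Domain attribute: host-only cookie, returned to that exact host.
    return { name, value, domain: responseHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A site cannot set a cookie for a domain it does not belong to.
  if (!domainMatches(responseHost, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Build the Cookie header the browser would send to requestHost.
function cookieHeaderFor(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample: siteA.com tries two Set-Cookie variants.
const jar = [
  storeCookie("www.siteA.com", "session", "abc123", "siteA.com"),
  storeCookie("www.siteA.com", "session", "abc123", "siteB.com"), // ignored
].filter(Boolean);

console.log("to www.siteA.com :", cookieHeaderFor("www.siteA.com", jar));
console.log("to shop.siteA.com:", cookieHeaderFor("shop.siteA.com", jar));
console.log("to www.siteB.com :", JSON.stringify(cookieHeaderFor("www.siteB.com", jar)));
```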