2 Replies Latest reply on Jul 21, 2007 5:41 PM by Mr Black

    Setting cookies from another domain (CFHTTP)

      Hello All,

      I am in the process of creating a web site that has it's own look/feel and give the users the ability to upload video to YouTube. YouTube does not currently have an API to handle this. So, I found this script called phptube and am attempting to pull from it and create a coldfusion solution. I'm not a PHP person (as of yet) and this is my first attempt.

      I execute the attached code and first of all, I don't see the cookes getting set under the ".youtube.com" domain. Should they be? The CFHTTP returns me to a login page. The question I think I'm trying to ask is this: Can I set a cookie from within my domain for another domain using cfcookie?

      If you have any thougths on this... it would be much appreciated.

        • 1. Re: Setting cookies from another domain (CFHTTP)
          Level 7
          Can I set a cookie from within my domain for another domain using cfcookie?

          NOPE! This would be directly against the security model of the cookie
          specification. A browser will only set cookies for the domain which is
          requesting the cookie. If you could set cookies for other domains just
          imagine the havoc you could create.

          Cookies can be set to share across common sub-domains of the same parent
          domain, but that is it.

          • 2. Re: Setting cookies from another domain (CFHTTP)
            Mr Black Level 1
            Your code should work, if you correctly grab and set all cookies, and if there were not other cookies set on the previous page (the one you use to login). Your second CFHTTP uses POST without a body. This may cause a problem. Try GET instead.

            Also, there could be a redirect from the first page (common practice), which also sets cookies. You, obviously, don't see this and, therefore, don't set those cookies, if this takes place. If so, you need to disable redirects and handle it on your own.

            However, there is another problem. Even, if you login successfully and correctly collect all necessary cookies for a session, your users will not be able to upload files directly to that Web-site (already mentioned domain cookies problem). So, in order to implement what you want, you will have to upload those files on your own server first, and after that upload them on the other Web-site. This could be absolutely unacceptable, if files are large.