How do you store and retrieve non 3rd party cookies across multiple
top level domains?

Hi cookiemonster666-ga,

You can store and retrieve cookies across multiple top level domains
without using third party cookies. The solution involves a series of
redirects.

You need to choose one of your domains as the cookie master (we'll
call it "cookie_master.com" for this example). We'll call all the
other domains the cookie slaves, for example "cookie_slave.com". You
can have as many slave domains as you like. It works like this:

If a user views a page at cookie_master.com, a cookie_master.com
cookie is stored in the usual way.

If a user views a page at cookie_slave.com (we'll call this the
"destination page"), the following happens:

1. The cookie_slave.com webserver sees that there is no cookie for
cookie_slave.com. Instead of displaying the requested page, it issues
a redirect to a special page at cookie_master.com, and includes the
destination page in the query string (because we want to get back to
the destination page eventually).

2. The special page at cookie_master.com checks if there is already a
cookie_master.com cookie. If not, it creates a cookie_master.com
cookie. Then, it redirects to a special page a cookie_slave.com, and
includes two pieces of information in the query string:

   a. the destination page (because we still want to get back
      to it eventually), and

   b. the cookie data

3. The special page at cookie_slave.com uses the cookie data from the
query string to write a cookie_slave.com cookie, and then redirects to
the destination page.

From this point on, you have a cookie on cookie_master.com, and a
mirrored cookie on cookie_slave.com. From now on, the webserver at
cookie_slave.com can get the local cookie and doesn't need to do the
redirects any more.

This technique is explained in more detail, with examples in ASP, by Wayne Berry:

   Sharing Cookies Across Domains
   http://support.softartisans.com/kbview_666.aspx
   http://www.15seconds.com/issue/971108.htm (alternative URL)

I trust you find this information helpful.

Regards,
eiffel-ga


Google Search Strategy:

"third party cookies"
://www.google.com/search?q=%22third+party+cookies%22

cookies "multiple domains"
://www.google.com/search?q=cookies+%22multiple+domains%22

"without using third party cookies"
://www.google.com/search?q=%22without+using+third+party+cookies%22

"wayne berry" cookies "multiple domains"
://www.google.com/search?q=%22wayne+berry%22+cookies+%22multiple+domains%22

flash "local shared objects"
://www.google.com/search?q=flash+%22local+shared+objects%22


Additional Links:

HTTP Cookie - Wikipedia
http://en.wikipedia.org/wiki/HTTP_cookie

Web Analytics Industry Confronts Cookie-Deletion Trend
http://www.ecommercetimes.com/story/ebiz/43284.html

RFC2965 HTTP State Management Specification
http://tools.ietf.org/html/2965
(This is the cookie specification.)

---

Request for Answer Clarification by cookiemonster666-ga on 30 Jun 2006 15:33 PDT

can you accomplish this without redirects? Redirects will not work for our needs.

---

Request for Answer Clarification by cookiemonster666-ga on 30 Jun 2006 15:45 PDT

This looks like technology form 1997!??!?!??? Have we not figured out
a better way to handle this situation in the past 9 years?

---

Clarification of Answer by eiffel-ga on 01 Jul 2006 04:21 PDT

Hi cookiemonster666-ga,

Unfortunately, there's a fundamental problem if you want to avoid
third-party cookies. A third party cookie originates from a domain
other than that of the current web page. The way to avoid the third
party cookie is to make the other domain be the current domain, and
that means a redirect.

I presume the problem with third-party cookies is that the user may
have disabled them in their browser settings. What some sites do in
that case is to fall back to Macromedia Flash MX Local Stored Objects.
These behave like cookies, and are set and read by ActionScript code
within a Flash movie:

  "Shared Objects are used to store data on the client machine
   in much the same way that data is stored in a cookie
   created through a web browser. The data can only be read by
   movies originating from the same domain that created the
   Shared Object. This is the only way Macromedia Flash Player
   can write data to a user's machine."
   Adobe Flash TechNote - What is a Local Shared Object?
   http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_16194

You would need to use a third-party Flash Shared Object to share data
across multiple domains - but Shared Objects might be enabled by users
who have third-party cookies disabled.

As a further fallback, you can avoid the use of cookies altogether by
storing the data on the server and using a heuristic based on IP
Address (for example, by considering any visit from the same IP within
ten minutes to represent the same computer). Clearly, this is not
robust, which would limit its applicability greatly.

Alternatives to cookies are discussed here:

   Wikipedia - HTTP Cookies - Alternatives to cookies
   http://en.wikipedia.org/wiki/HTTP_cookies#Alternatives_to_cookies

For reliability and availability, it's hard to beat cookies. And if
you want to avoid third-party cookies, you have to change domain to
the master domain that's managing the non-third-party cookies. And
that's done by redirecting.

The redirects are only needed for the first cookie-enabled page that
is viewed on each new domain. After that, a duplicate cookie is stored
on the new domain, and can be read in the usual way without a
redirect.

Redirects are indeed last century's technology, but they are exactly
the technology that is required to share cookies across domains
without using third-party cookies.

Regards,
eiffel-ga


Google searches:

flash "local shared objects" "multiple domains"
://www.google.com/search?q=flash+%22local+shared+objects%22+%22multiple+domains%22