Google Answers Logo
View Question
Q: Storing and retrieving non 3rd party cookies across mutiple domains ( Answered,   0 Comments )
Subject: Storing and retrieving non 3rd party cookies across mutiple domains
Category: Computers > Internet
Asked by: cookiemonster666-ga
List Price: $50.00
Posted: 30 Jun 2006 11:18 PDT
Expires: 30 Jul 2006 11:18 PDT
Question ID: 742376
How do you store and retrieve non 3rd party cookies across multiple
top level domains?
Subject: Re: Storing and retrieving non 3rd party cookies across mutiple domains
Answered By: eiffel-ga on 30 Jun 2006 14:03 PDT
Hi cookiemonster666-ga,

You can store and retrieve cookies across multiple top level domains
without using third party cookies. The solution involves a series of

You need to choose one of your domains as the cookie master (we'll
call it "" for this example). We'll call all the
other domains the cookie slaves, for example "". You
can have as many slave domains as you like. It works like this:

If a user views a page at, a
cookie is stored in the usual way.

If a user views a page at (we'll call this the
"destination page"), the following happens:

1. The webserver sees that there is no cookie for Instead of displaying the requested page, it issues
a redirect to a special page at, and includes the
destination page in the query string (because we want to get back to
the destination page eventually).

2. The special page at checks if there is already a cookie. If not, it creates a
cookie. Then, it redirects to a special page a, and
includes two pieces of information in the query string:

   a. the destination page (because we still want to get back
      to it eventually), and

   b. the cookie data

3. The special page at uses the cookie data from the
query string to write a cookie, and then redirects to
the destination page.

From this point on, you have a cookie on, and a
mirrored cookie on From now on, the webserver at can get the local cookie and doesn't need to do the
redirects any more.

This technique is explained in more detail, with examples in ASP, by Wayne Berry:

   Sharing Cookies Across Domains (alternative URL)

I trust you find this information helpful.


Google Search Strategy:

"third party cookies"

cookies "multiple domains"

"without using third party cookies"

"wayne berry" cookies "multiple domains"

flash "local shared objects"

Additional Links:

HTTP Cookie - Wikipedia

Web Analytics Industry Confronts Cookie-Deletion Trend

RFC2965 HTTP State Management Specification
(This is the cookie specification.)

Request for Answer Clarification by cookiemonster666-ga on 30 Jun 2006 15:33 PDT
can you accomplish this without redirects? Redirects will not work for our needs.

Request for Answer Clarification by cookiemonster666-ga on 30 Jun 2006 15:45 PDT
This looks like technology form 1997!??!?!??? Have we not figured out
a better way to handle this situation in the past 9 years?

Clarification of Answer by eiffel-ga on 01 Jul 2006 04:21 PDT
Hi cookiemonster666-ga,

Unfortunately, there's a fundamental problem if you want to avoid
third-party cookies. A third party cookie originates from a domain
other than that of the current web page. The way to avoid the third
party cookie is to make the other domain be the current domain, and
that means a redirect.

I presume the problem with third-party cookies is that the user may
have disabled them in their browser settings. What some sites do in
that case is to fall back to Macromedia Flash MX Local Stored Objects.
These behave like cookies, and are set and read by ActionScript code
within a Flash movie:

  "Shared Objects are used to store data on the client machine
   in much the same way that data is stored in a cookie
   created through a web browser. The data can only be read by
   movies originating from the same domain that created the
   Shared Object. This is the only way Macromedia Flash Player
   can write data to a user's machine."
   Adobe Flash TechNote - What is a Local Shared Object?

You would need to use a third-party Flash Shared Object to share data
across multiple domains - but Shared Objects might be enabled by users
who have third-party cookies disabled.

As a further fallback, you can avoid the use of cookies altogether by
storing the data on the server and using a heuristic based on IP
Address (for example, by considering any visit from the same IP within
ten minutes to represent the same computer). Clearly, this is not
robust, which would limit its applicability greatly.

Alternatives to cookies are discussed here:

   Wikipedia - HTTP Cookies - Alternatives to cookies

For reliability and availability, it's hard to beat cookies. And if
you want to avoid third-party cookies, you have to change domain to
the master domain that's managing the non-third-party cookies. And
that's done by redirecting.

The redirects are only needed for the first cookie-enabled page that
is viewed on each new domain. After that, a duplicate cookie is stored
on the new domain, and can be read in the usual way without a

Redirects are indeed last century's technology, but they are exactly
the technology that is required to share cookies across domains
without using third-party cookies.


Google searches:

flash "local shared objects" "multiple domains"
There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy