Cookie Domain Problem

Cookies are not supposed to be able to be read by any domain other than the one that set it.

Crap. I know I used to have this working, but I'm not sure how. Well, as a side-question, what variable should I be checking for if I want to encompass all of people logged in? $bbuserid? I remember being told that there's something better to use.

Im actually working on such a script.

It will be hopefully complete just after christmas, if all goes well.


Would you be interested in such a thing? (its pretty messy, but it works )

Im also looking into other methods of storing 2 cookies on different domains with the same login information.

Yes, quite interested. I can move my forums onto the same domain if need be, but it's a real pain. It'd be great if I could use the same cookie across the .com/.net domains...I SWEAR that it was working before!

Actually, its never been posible to have cookies across 2 domains.

The security 'experts' thought that cookies could be malicious, and the public got into a big scare,etcetc..

Anyway, i have www.ozfortress.com www.opticpower.net and www.opticpower.com all planning on having different forums displayed(via tha $forumid variable on the index.php, and 2 using vBP), and all being logged in.

Ive been thinking of a few different methods of doing so, and the best i can come up with so far is

Use frames on all 3 of the domains. Have an invisible frame, pointing to something like auth.opticpower.net, which contains the scripts that send out the cookie, and read the cookie. Then refreshes the main frame, with a session variable, or something of that sort, which tells the domain they accessed if the user has logged in or not. Thats a big task imho.

The other option was the have an option for them to login to each different domain, or have an option on a login screen, to allow them to choose if they want to login to all 3, if so, it would open another window, which would only last for a second, that sends out cookies from each of the domains.

That or get them to install a IE/NS plugin that does it all auto (which im also investigating, i think it would be an interesting way around the problem)

-merk

Its just a pity, noone else has bothered to reply to my cries for help here or at vb.org

That or its too hard

I think....

I think the vb people are kind of not too keen on the idea. I was told that it might encourage people to install multiple copies of vB on several domains. I kind of understand the logic, but kind of not....But as you said there is a way to share the database of usernames. I wish I could help with the cookie but I dont know enough to be of much use.....

Well it doesnt break the user-agreement, because im using the exact same instance of vB across the 3 domains.

Re: I think....

Actually I would think the preference on our part would be allowing users to login on two or more domains with one cookie; that would help keep people from installing it more than once, at least to my thinking.

The issue is an interesting one. I mean if you could make the cookies effective across multiple domains and "frame" the boards so that you were using one instance of vB, then you could have an unlimited network of sites using the boards. I would think that would be bad for VB. I don't know how networks like eva 2000's or others work, but I assume they hold multiple licenses...

Technically what Merk suggests is not a violation of the agreement. But I would guess that it is what the agreement sets out to prevent, the use of one copy of vB on multiple sites. Whether or not the software exists physically on the server seems inconsequential at that point....

Actually, the user agreement stops users installing more than one instance of vB on one or more domains, which is fair enough..