SOLVED

Reading a cookie from another site


Level 2

Hi,

I am building a secure site, which will have links from inside another secure site (which is not based on AEM). The other site drops a cookie and I am supposed to read the cookie and validate the user when the user comes to the AEM part of the site. What will be the easiest way to accomplish this? Can I use the dispatcher to accomplish this functionality?

1 Accepted Solution


Correct answer by
Level 4

- You cannot share cookies across domains. You can, however, allow all subdomains to have access. To allow all subdomains of example.com to have access, set the domain to .yourmaincompanydomain.com.

It's not possible to give externaldomain.com access to yourmaincompanydomain.com's cookies, though.

- Using JavaScript, you have to resolve the cross-domain issue (an iframe and a few more things to ensure it works properly across distributed domains) and a few more issues, but server to server you can read it using the cookie API (recommended).

One more thing, regarding dispatcher items: you cannot accomplish what you are looking for.

The dispatcher has the following configuration:

- stickyConnection: Sticky connections ensure that session data is present and consistent for all documents. Dispatcher sends all requests, from a single user, that are in this folder to the same render instance.

- HTTP headers supported: the /clientheaders property defines a list of HTTP headers that Dispatcher passes from the client HTTP request to the renderer (AEM instance).

- Set up secure sessions (session management): Create a secure session for access to the render farm so that users need to log in to access any page in the farm. After logging in, users can access all pages in the farm. In particular, for header (/header): the name of the HTTP header or cookie that stores the authorization information. If you store the information in the HTTP header, use HTTP:<header-name>.

- Caching of authenticated users depends on the cookie header

- Configure load balancing based on cookie value
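The cookie scoping rule described in the accepted answer, as an added example that is not part of the original post or Adobe's code: a simplified model of RFC 6265 domain matching showing which hosts may set a shared cookie and which hosts receive it. The host names portal.yourmaincompanydomain.com and aem.yourmaincompanydomain.com are constructed for illustration, and the public-suffix, Path and Secure checks that real browsers also apply are omitted.

```javascript
// Added example: simplified RFC 6265 cookie scoping (sections 5.1.3 and 5.3).
// Host names under yourmaincompanydomain.com are constructed for illustration.

// RFC 6265 5.1.3: host matches domain if identical, or if host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Models what a browser does when `settingHost` sends Set-Cookie with an
// optional Domain attribute. Returns the stored scope, or null if rejected.
function storeCookie(settingHost, domainAttr) {
  if (!domainAttr) return { domain: settingHost.toLowerCase(), hostOnly: true };
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  // A host may only set cookies for itself or for one of its parent domains.
  if (!domainMatch(settingHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the browser attach the stored cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

function demo() {
  const shared = storeCookie("portal.yourmaincompanydomain.com", ".yourmaincompanydomain.com");
  const hostOnly = storeCookie("portal.yourmaincompanydomain.com", null);
  const foreign = storeCookie("externaldomain.com", "yourmaincompanydomain.com");
  return {
    sharedToAem: isSentTo(shared, "aem.yourmaincompanydomain.com"),
    sharedToExternal: isSentTo(shared, "externaldomain.com"),
    hostOnlyToAem: isSentTo(hostOnly, "aem.yourmaincompanydomain.com"),
    foreignRejected: foreign === null,
  };
}
console.log(demo());
```

A cookie scoped to the parent domain is sent to every subdomain, so its value should still be validated server side on the AEM host before the user is treated as authenticated.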


4 Replies



Level 10

The dispatcher is for caching and load balancing. It will not help you access Cookies on another domain. And as Diego Fontan pointed out - this is not really possible across domains.

On the Cookie question -- here is a Stack Overflow question that can help -- web applications - Cross-Domain Cookies - Stack Overflow


Level 2

Basically, all these apps share the same primary domain and are all subdomains. The intent is to make the experience seamless, so that the user does not have to log in again. How can I read a cookie easily? Do I build a custom Authentication Handler? Which way would be the easiest?


Level 10

You are referring to Single Sign on - read this -- Single Sign On