I have built a website (A) which logs in to and retrieves customer data from a separate web service.
The organisation that owns (A) also has a website (B) which has a web form. They want a logged-in customer on (A) to be able to click across to (B) and see a pre-populated form with their details.
This means (A) must write their customer ID to a cookie, which (B) can read, and then (B) can request the data from the web service, and pre-populate the form.
This raises two questions:
Can website (B) read the cookie for website (A)?
If so, to prevent someone from editing a cookie and seeing other people's data in the form, I would need to do something like encrypt the cookie on (A) and then have that decrypted in (B) - any suggestions along this line?
I can't change the existing login to OAuth or something, as the web service is consumed by several other sites, so this cannot change.
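The hand-off described in the question (A writes something identifying the customer, B reads it and fetches the data) is only safe if B can detect a value that someone has edited. The block below is an added example, not code from the question or its answers: site A issues a short-lived token that binds the customer ID to an issue time under an HMAC, and site B accepts the ID only when the tag verifies and the token is fresh. It assumes A and B share a secret out of band and that the token is carried either in a cookie scoped to a common parent domain (a cookie set by `a.example.com` is only visible to `b.example.com` if it carries `Domain=example.com`; two unrelated registrable domains cannot share a cookie at all) or, failing that, in the redirect to B. All hostnames, IDs and the secret are constructed placeholders.

```python
"""Added example: tamper-evident hand-off token between sites A and B.

Assumptions (not in the original question): a shared secret distributed
out of band, and a placeholder parent domain `example.com` for the cookie.
"""
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

SHARED_SECRET = b"constructed-demo-secret-rotate-in-production"  # constructed placeholder
TOKEN_TTL_SECONDS = 300          # a hand-off token only needs to live for the click across
PARENT_DOMAIN = "example.com"    # placeholder: the parent shared by A and B, if any


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_handoff_token(customer_id: str, secret: bytes = SHARED_SECRET,
                        now: Optional[float] = None) -> str:
    """Site A: bind the customer ID to an issue timestamp and sign both."""
    issued_at = int(now if now is not None else time.time())
    payload = json.dumps({"cid": customer_id, "iat": issued_at},
                         separators=(",", ":")).encode("utf-8")
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64e(payload)}.{_b64e(tag)}"


def verify_handoff_token(token: str, secret: bytes = SHARED_SECRET,
                         now: Optional[float] = None,
                         ttl: int = TOKEN_TTL_SECONDS) -> Optional[str]:
    """Site B: return the customer ID only if the tag verifies and the token is fresh.

    Any malformed, edited, expired or foreign-key token yields None, so B never
    looks up data for an ID it did not receive intact from A.
    """
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload = _b64d(payload_b64)
        tag = _b64d(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    try:
        claims = json.loads(payload)
    except (json.JSONDecodeError, UnicodeDecodeError):
        return None
    current = now if now is not None else time.time()
    issued_at = claims.get("iat")
    if not isinstance(issued_at, int) or not (0 <= current - issued_at <= ttl):
        return None
    cid = claims.get("cid")
    return cid if isinstance(cid, str) else None


def handoff_cookie_header(token: str, parent_domain: str = PARENT_DOMAIN,
                          ttl: int = TOKEN_TTL_SECONDS) -> str:
    """Site A: Set-Cookie value that B (a sibling subdomain) can read.

    Domain= widens the scope to the shared parent; Secure/HttpOnly keep the
    token off plain HTTP and out of page scripts; Max-Age matches the TTL.
    """
    return (f"handoff={token}; Domain={parent_domain}; Path=/; "
            f"Max-Age={ttl}; Secure; HttpOnly; SameSite=Lax")


if __name__ == "__main__":
    tok = issue_handoff_token("C-1001")
    print(handoff_cookie_header(tok))
    print("B sees:", verify_handoff_token(tok))
```

B should treat the verified ID as the authorisation to fetch exactly that customer's record and nothing else; the token proves A vouched for the ID within the last few minutes, it does not replace B's own checks. If A and B do not share a parent domain, drop the cookie and pass the same token as a parameter in the redirect to B.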
There are open source tools on the internet that can do that, but this is against the whole idea behind the cookie philosophy. Cookies are meant to be accessed by only one domain. You can however mock that domain and 'hack' into the browser. It's not recommended and some browsers have tighter security and don't allow that.
I suggest you create a web service in website A and give B read access to it.