0 Replies Latest reply: Jan 23, 2013 5:40 AM by MikitaManko
MikitaManko Level 1 Level 1 (0 points)

I will shortly describe all flow:

1) user opens login form from domain domain.first.com fills it in and submit as POST request to domain.first.com/login

2) domain.first.com/login handler sets authentication cookie on .first.com domain and makes 302 redirect to domain.second.com/setcookie

3) domain.second.com/setcookie handler also sets the same authentication cookie but on second.com domain and make 302 redirect on domain.first.com/xd_receiver - this will trigger cliens logic - e.g. close authentication overlay.


The problem is that safari ignores SetCookie header during the second request (point number (3)), but all other browsers set necessary cookies on both domains.

I tried replace 302 redirect with usage of



<meta http-equiv="refresh" content="0;http://widgets.flux-dev.com/-/SetAuthCookie.ashx?authCookie=...">

but the result is still negative.

In all tests were used safari mac/windows 5.1.7, safari windows 5.1.5 and 5.1.2 with default settings, so the setting block cookies was setted to "block cookies from 3rd parties" (as I understood all users use safari configured with default settings)


The question - could you please give me an advice how to set one cookie on two different domains during the authetication process? Using of subdomains of one domain is impossible.


Thanks in advance.

Safari, Windows 7