SOLVED

Cookie Across 2 Domains

Go to solution
Anonymous
Not applicable

Cookie Across 2 Domains

Hi everybody,

I want to implement a cookie to store the values of the UTMs when a lead hits our website from our paid campaigns. A cookie will help me preserve the value of those utms even if a lead doesn't convert right away.  I'll set up all my forms so that when the lead comes back and fills out a form,  the hidden fields in my form will pull the data from the cookie and store them in our database.

The problem I'm facing right now is that I have marketo forms embedded in both my corporate website (https://www.example.com) and in maketo landing pages (https://go.example.com) which have different domains. My web team let me know that cookies are domain-specific. So if the cookie is created when a lead visits my website (www.example.com), that cookie won't be readable from a form living in a marketo landing page (go.example.com) and viceversa.

Has any of you faced this situation? How did you solve it?

Thanks in advance for your help!

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Cookie Across 2 Domains

My web team let me know that cookies are domain-specific.

I hope they also gave their 2 weeks' notice out of shame.

From the standpoint of cookies, www.example.com and go.example.com (and whatever.example.com) are not different domains. Cookies can be shared among websites using those domains without a problem, as long as the cookie is set to the uppermost private level, .example.com.

The domains are different origins, but origins are not used to decide cookie permissions.  Cookies have a much more permissive security model. Your team may have been thinking of cross-origin XHR (Ajax) which does use origins.

Cookies cannot be shared across www.example.com and go.example.org. Those do not share a common private domain suffix.

View solution in original post

2 REPLIES 2
SanfordWhiteman
Level 10 - Community Moderator

Re: Cookie Across 2 Domains

My web team let me know that cookies are domain-specific.

I hope they also gave their 2 weeks' notice out of shame.

From the standpoint of cookies, www.example.com and go.example.com (and whatever.example.com) are not different domains. Cookies can be shared among websites using those domains without a problem, as long as the cookie is set to the uppermost private level, .example.com.

The domains are different origins, but origins are not used to decide cookie permissions.  Cookies have a much more permissive security model. Your team may have been thinking of cross-origin XHR (Ajax) which does use origins.

Cookies cannot be shared across www.example.com and go.example.org. Those do not share a common private domain suffix.

Anonymous
Not applicable

Re: Cookie Across 2 Domains

Thanks for the quick reply, Sanford Whiteman! This helps, I'll share the details with them -- I do believe they were thinking about XHR.