You can share the frontend cookie between Magento websites with different domains using that solution: ainixon.me/set-cookie-on-cross-domains.
You need to create a cookies.php file with the following code:
    <?php
    // Copies the SID query parameter into this domain's "frontend" cookie (valid for one day).
    setcookie("frontend", htmlspecialchars($_GET['SID']), time() + 86400);
    ?>
and in the Magento template you will need to add the following code after the <body> tag:
    <?php
    $this_session_id = Mage::getSingleton('core/session', array('name' => 'frontend'))->getSessionId();
    ?>
    <!-- setting cookies to other domains -->
    <img src="http://anotherdomain.com/cookies.php?SID=<?php echo $this_session_id; ?>" style="display:none;" />
    <img src="http://somedomain.ne/cookies.php?SID=<?php echo $this_session_id; ?>" style="display:none;" />
    <!-- setting cookies to others domains ends -->
This is an article from NovusWeb: http://www.novusweb.com/fix-for-passing-magento-session-ids/
Fix for Passing Magento Session IDs
Author: Brett Williams
Posted November 9, 2011
Fixing Magento Session IDs
We often use shared SSLs when building e-commerce sites. It’s a convenient way of hosting multiple stores without having to purchase separate SSL certificates for each site. Most of our e-commerce clients manage multiple stores within a single Magento or OpenCart installation. Recently, we found a problem with Magento where the customer’s session ID was not being passed successfully between their initial visit to the site and their page views after logging into the store as a registered customer. Magento was not passing the same session IDs, and this meant that a customer who had previously logged in and added items to their cart would lose the contents of their cart after returning later and logging in. Not a great situation.
In looking at the cookies created during a session, I found that when going from an unsecure domain (i.e., http://) to a secure domain (i.e., https://), the session ID was being passed successfully and a new cookie for the secure domain was created with the same session ID as the unsecure domain. However, when the customer logged in, a new cookie was created for the secure domain with an entirely new session ID. Magento was now using the newer cookie, and whenever the customer clicked to go back into an unsecure domain page (e.g. product detail page), they were no longer logged into Magento as the unsecure domain was using its cookie/session ID, not the new session ID created at login. The solution would be to find where the new session ID was being created and prevent that from occurring.
So, I began digging into the code to see if I could find where Magento was creating the new session.
In app/code/core/Mage/Customer/Model/session.php, I found this at lines 177-189 (Magento CE 1.5.1):
    public function login($username, $password)
    {
        /** @var $customer Mage_Customer_Model_Customer */
        $customer = Mage::getModel('customer/customer')
            ->setWebsiteId(Mage::app()->getStore()->getWebsiteId());
        if ($customer->authenticate($username, $password)) {
            $this->setCustomerAsLoggedIn($customer);
            $this->renewSession();
            return true;
        }
        return false;
    }
My solution was to comment out the line $this->renewSession(); so that Magento would not create a new session when the customer logged in. The changed code looks like this:
    public function login($username, $password)
    {
        /** @var $customer Mage_Customer_Model_Customer */
        $customer = Mage::getModel('customer/customer')
            ->setWebsiteId(Mage::app()->getStore()->getWebsiteId());
        if ($customer->authenticate($username, $password)) {
            $this->setCustomerAsLoggedIn($customer);
            //$this->renewSession();
            return true;
        }
        return false;
    }
So far in our testing, everything is working just fine, and the customer’s session is being retained between domains. Now, before you rush to change this core file, do the following:
1. Backup your databases (you should always do this before making any modifications).
2. Build the following directory hierarchy: app/code/local/Mage/Customer/Model/.
3. Put a copy of session.php into this new directory.
4. Comment out the appropriate line, shown above, and save your file.
By putting your modifications into the app/code/local directory, you’re telling Magento to use these files instead of the core files. More importantly, you’re preventing the loss of your modifications should you update Magento in the future.
It also provides a convenient way to store and manage your code modifications, as you only need to keep modified files in the app/code/local directory.
Be sure to leave a comment if you know of a more elegant solution, or if you find this works or doesn’t work for you.
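Both posts above deal with getting one session ID onto a second domain: the first by copying a raw SID from the query string, the second by stopping the ID from changing at login. The following is an added example, not code from either post, of a cookies.php that accepts only a short-lived token signed by the store, so the ID issued at login can be handed over instead of renewSession() being switched off. Assumptions: PHP 7.1 or later, a store served entirely over HTTPS, a shared secret deployed on every domain, a query parameter named T, and the hypothetical names HANDOFF_KEY, HANDOFF_TTL, issue_handoff_token() and verify_handoff_token().

```php
<?php
// Added example, not from the original posts. HANDOFF_KEY, HANDOFF_TTL, the T
// parameter and both function names are hypothetical.
const HANDOFF_KEY = 'replace-with-a-long-random-secret'; // same on every domain
const HANDOFF_TTL = 60;                                  // token lifetime, seconds

// Store side: wrap the current session ID in a signed, expiring token. The
// template would send rawurlencode() of this as T= in place of the raw SID=.
function issue_handoff_token(string $sessionId, int $now): string
{
    $payload = $sessionId . '.' . ($now + HANDOFF_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, HANDOFF_KEY);
}

// cookies.php side: return the session ID, or null when the token is
// malformed, wrongly signed, expired, or does not look like a session ID.
function verify_handoff_token(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$sessionId, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $sessionId . '.' . $expires, HANDOFF_KEY);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    // Characters PHP can use in a session ID; anything else is rejected.
    return preg_match('/^[A-Za-z0-9,-]{16,128}$/', $sessionId) ? $sessionId : null;
}

// cookies.php entry point (not executed when the file is run from the CLI).
if (PHP_SAPI !== 'cli') {
    $token = $_GET['T'] ?? '';
    $sid = verify_handoff_token(is_string($token) ? $token : '', time());
    if ($sid === null) {
        http_response_code(400);
        exit;
    }
    // Arguments: name, value, expiry, path, domain (current host), Secure, HttpOnly.
    setcookie('frontend', $sid, time() + 86400, '/', '', true, true);
}
```

The signature only shows that the store issued the value within the last minute; it does not tie the value to one browser, so keep the lifetime short.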
Best Answer
Emergency Fix
Whether or not this solution works, please try these steps first. You WILL be able to login which means you are on the right page. If you still could not login, your issue is most likely different than the one I'm posting, please proceed at your own risk.
xxx_core_config_data table (xxx_ is the additional table prefix that you might have set during installation)
web/cookie/cookie_domain
web/cookie/cookie_httponly
web/cookie/cookie_lifetime
web/cookie/cookie_path
That's it. Now, refresh your admin page and try logging in. It should work. If it does, now let's get to the crux of the problem.
The Issue
Most of the time, following the guide asks us to store the cookie domain as .domain.com which is expecting a sub-domain, but the store name is stored as http://domain.com as its base URL.
The Fix
There are two ways to fix this problem.
If you are not going to be using a subdomain for cookie storage, you can save the cookie domain settings in Stores -> Configuration -> Web -> Cookie Domain as (domain.com) without a preceding period and parentheses.
If you plan to make your store future-ready and allow subdomain cookie storage, you should set the Cookie Domain as (.domain.com) with a preceding period and without the parentheses. However, in your base URL under Stores -> Configuration -> Web -> Base URL, add www to your domain name such as http://www.domain.com and https in the secure base URL if you are using SSL (that you should).
Additionally, other Cookie Settings are as such:
Cookie Lifetime - 86400 (From my understanding, you don't need this and can leave it blank and check "use system value" because now Magento retains the session for security reasons).
Cookie Path - /
Use HTTP Only - Yes
Cookie Restriction Mode - Up to you. If you enable this, it will show the message on the front end asking the user's consent to store cookies.
Note: Once again, this one is for my own future reference purposes and for anyone who might stumble into this frustration just like I did.