By default, domain names that share the same second-level domain can share cookies. Like:
By adding “p3p” information to the HTTP header, a cookie set by one website can be accessed by another website.
The following content is not about cross-domain cookies, but about cross-domain data access.
- Define a callback function like below:
- Send an HTTP request like “http://www.websiteb.com/sample.aspx?callback=mycallback” to website B. If website B supports “jsonp”, it will return the following content INSIDE a “<script>” tag:
With jQuery, this is easier:
For the “taobao.com/tmall.com” case, they use the following solution to get user cookie data across domains in the “jsonp” way:
Create a server-side API (https://www.taobao.com/go/app/tmall/login-api.php?0.6783450077710154) to return your local cookies.
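The JSONP exchange described above, from the callback on the requesting page to a data API like the one in this step, as an added example that is not code from the original post or from any site it names. `handleJsonp`, `loadScript`, `ALLOWED_CALLERS` and `www.websitea.com` are assumed names, and the callback-name and Referer checks are assumptions about what such an endpoint should enforce, since any page can load it with a `<script>` tag.

```javascript
// Added example (not from the original post): both sides of a JSONP exchange,
// simulated without a network. handleJsonp, loadScript, ALLOWED_CALLERS and
// www.websitea.com are constructed names.
const CALLBACK_RE = /^[A-Za-z_$][\w$]{0,63}$/;          // plain identifier only
const ALLOWED_CALLERS = new Set(["www.websitea.com"]);   // hypothetical consumer site

// Website B: build the response for /sample.aspx?callback=<name>.
function handleJsonp(requestUrl, referer, userData) {
  const callback = new URL(requestUrl).searchParams.get("callback");
  if (!callback || !CALLBACK_RE.test(callback)) {
    return { status: 400, body: "" };   // anything else would be echoed as script
  }
  let caller = "";
  try { caller = new URL(referer).hostname; } catch (_) { /* missing or malformed */ }
  if (!ALLOWED_CALLERS.has(caller)) {
    return { status: 403, body: "" };   // do not hand user data to unknown pages
  }
  // JSON.stringify leaves U+2028/U+2029 raw; escape them for older script parsers.
  const json = JSON.stringify(userData)
    .replace(/\u2028/g, "\\u2028").replace(/\u2029/g, "\\u2029");
  return { status: 200, body: `${callback}(${json});` };
}

// Website A: stand-in for the browser executing the returned <script> body.
// The callbacks in `globals` are the only names the body can see by name.
function loadScript(body, globals) {
  const names = Object.keys(globals);
  new Function(...names, body)(...names.map((n) => globals[n]));
}

function demo() {
  let received = null;
  const globals = { mycallback: (data) => { received = data; } };
  const ok = handleJsonp(
    "http://www.websiteb.com/sample.aspx?callback=mycallback",
    "http://www.websitea.com/page.html",      // constructed Referer value
    { nick: "constructed-user" });            // constructed sample data
  loadScript(ok.body, globals);
  return { ok, received };
}
```

The Referer header can be absent or stripped, so an endpoint that returns cookie-derived data this way still exposes it to every page it allows.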
Going back to the “same origin policy”: if it allows “<script>” content to be returned, forbidding the transport of other forms of data is unreasonable, since script is a form of data, and data can be part of script.