OK, so I have a domain at affiliatedomain.com, which is really just an affiliate version of my main website maindomain.com.
We have a requirement to set the maindomain.com cookies on the user's browser upon their first visit to affiliatedomain.com. This is currently achieved by a server-side 302 redirect to maindomain.com/addcookie?redirect=affiliatedomain.com, which then does a 301 redirect back to affiliatedomain.com.
This is obviously not ideal for a few reasons: a) it performs unnecessary client redirects, and b) it leaves maindomain.com open to URL redirecting security vulnerabilities.
I’ve looked into achieving this through XHR by just performing a JavaScript GET on maindomain.com, but this requires Access-Control-Allow-Origin to be switched on, which isn’t supported by all versions of IE (we need to support IE6 and 7).
Therefore, is there any way to achieve this requirement? I’ve looked into JSONP but I'm not too sure how I can implement it using this method.
I’ve found a way to do this. I’ve set up a controller action on maindomain.com to return an ActionResult of type JavaScript() with endpoint maindomain.com/setcookie.mvc. Then from affiliatedomain.com I added a <script> tag pointing at this endpoint.
The client will then perform a GET to the setcookie.mvc page (since the same domain policy doesn’t apply to <script> tags), and this will in turn allow me to perform any server-side cookie logic I require.
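
Where the redirect flow from the question is kept, the URL redirecting risk it mentions can be closed by checking the redirect parameter of /addcookie against an allow-list before redirecting. This is an added example, not code from the original posts, written in JavaScript (Node.js) rather than ASP.NET MVC; the allow-list contents, the fallback URL and the function name resolveRedirect are assumptions.

```javascript
// Added example: allow-list check for the `redirect` parameter of /addcookie.
// Host names are the placeholders used in the post; the allow-list itself,
// the fallback URL and the function name are assumptions.
const ALLOWED_REDIRECT_HOSTS = new Set([
  'affiliatedomain.com',
  'www.affiliatedomain.com',
]);
const FALLBACK_URL = 'https://maindomain.com/';

// Returns the absolute URL to redirect to, or FALLBACK_URL when the
// supplied value does not resolve to an allow-listed affiliate host.
function resolveRedirect(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) {
    return FALLBACK_URL;
  }
  // Control characters and backslashes are normalised differently by
  // browsers and servers, so refuse them instead of trying to clean them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK_URL;

  // The post passes a bare host ("affiliatedomain.com"); accept that form
  // or a full http(s) URL, and parse both with the same URL parser.
  const candidate = /^https?:\/\//i.test(raw) ? raw : 'https://' + raw;
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return FALLBACK_URL;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return FALLBACK_URL;
  if (url.username || url.password) return FALLBACK_URL; // "allowed@other-host" form
  if (url.port) return FALLBACK_URL;                     // non-default port
  // Exact host match only: suffix or substring checks would accept
  // look-alike hosts that merely contain the affiliate name.
  if (!ALLOWED_REDIRECT_HOSTS.has(url.hostname)) return FALLBACK_URL;

  // Rebuild the target from parsed parts so the Location header never
  // contains the raw user-supplied string.
  return 'https://' + url.hostname + url.pathname + url.search;
}

// Constructed sample inputs (not taken from real traffic).
for (const sample of [
  'affiliatedomain.com',
  'https://affiliatedomain.com/offers?id=7',
  'https://affiliatedomain.com.other.example/',
]) {
  console.log(JSON.stringify(sample), '->', resolveRedirect(sample));
}
```
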