My task

The site site1.ru provides a comment script (individually for each page) at the link (suppose) http://www.site1.ru/comments.js (inside it, ajax requests are made to site1.ru/comments.php, to which the address the request comes from is sent, in order to fetch all the comments that relate to the requested page).

The client inserts into his site (on site2.ru):

 <script src="http://www.site1.ru/comments.js"></script> <div id="comments"></div> (all the comments provided by the server are written here).

It works.

Now the problem is:

Only people who have been authorized on site1.ru can comment.

As I am on site2.ru (and the request is sent via ajax), site1.ru does not see the cookies necessary for it to verify authorization.

How can you solve a problem optimally, without pain?

PS: I googled and read a lot of sites, half talk about communication between site2-> site1, while others talk about OpenID adaptation (if I don’t have a simple solution, I'll do it).

PPS: sql authorization verification script (i.e. I need only one unfortunate cookie):

 SELECT COUNT(`id`) AS `count` FROM `users` WHERE `hash` = ? LIMIT 1 -- bind $_COOKIE['cookie_hash'] as the parameter of a prepared statement instead of interpolating it into the query
  • I have one question. What is the difficulty with ajax on site №1? Why is it impossible to generate the content directly with the php script? In general, if a request is sent from site 2 to site 1 via php, then it is possible to specify in a parameter whether the user is authorized or not - Alexey Shimansky
  • The content is generated by a PHP script on the server side; ajax is needed to call this PHP itself. At most, the user's comment is sent from site 2. The point is that the PHP script itself does not see ['cookie_hash']. - user3354039
  • $_COOKIE['cookie_hash'] Is this some kind of variable from site №2? ... You didn't understand me about Ajax ... why write Ajax when you can send a request to the server directly and get an answer from it? Example: https://api.vk.com/method/users.get?user_ids=1 . Otherwise you pull the page, the page pulls the server, the server goes to the page, and the page gives the content. Isn't that crazy? - Alexey Shimansky
  • $_COOKIE['cookie_hash'] is what determines whether I am authorized on site #1. The best example: vk.com/dev/Comments , or rather this is what I am trying to do. There you also install the js script, the js script calls the server, which sorts everything out, and then everything goes to the output. I apologize if I am not answering your question quite correctly, maybe I'm being dumb, I have been sitting on this task for a few days. - user3354039
  • Corrected the problem: the cookie is lost because the request is sent via ajax. If I use, for example, an iframe, then the cookies are visible. - user3354039

1 answer

If your cross-domain AJAX request is executed correctly, then this is JSONP. With this technology, the recipient of the request, "site1", will have access to all cookies, just as with a request via a frame.

I recommend starting testing with the simplest script, and making sure that the visitor of "site2" has cookies on "site1".

  • XMLHttpRequests is used. Because I load the usual js script, without jquery (so as not to force the client to add additional scripts). - user3354039
  • XMLHttpRequests does not support cross-domain requests. - LV426
  • For cross-domain queries, JSONP is used. Cookies will be available. - LV426
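
The cookie problem discussed in this thread, as an added example that is not part of the original posts: for the XMLHttpRequest route, browsers attach site1.ru cookies to a cross-origin request only when the script sets `withCredentials` and site1 answers with an exact allowed origin plus `Access-Control-Allow-Credentials: true`. The names `ALLOWED_ORIGINS`, `corsHeadersFor`, `handleComments` and `loadComments`, the allowlist, the HTTPS URL with its `page` parameter, and the status codes are assumptions; the server logic is sketched in JavaScript although the page's server is PHP.

```javascript
// Added example. ALLOWED_ORIGINS, corsHeadersFor, handleComments and loadComments
// are hypothetical names; the allowlist is constructed.
const ALLOWED_ORIGINS = new Set(["http://site2.ru", "https://site2.ru"]);

// Headers site1 must send before the browser lets site2's script read a
// response to a request that carried cookies.
function corsHeadersFor(origin) {
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin, // exact origin; "*" is refused with credentials
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keep caches from serving this response to another origin
  };
}

// Decision logic for comments.php. req = { method, origin, cookieHash };
// isKnownHash stands in for the users-table lookup from the question.
function handleComments(req, isKnownHash) {
  const headers = corsHeadersFor(req.origin);
  const allowedOrigin = "Access-Control-Allow-Origin" in headers;
  const loggedIn = typeof req.cookieHash === "string" && isKnownHash(req.cookieHash);
  if (req.method === "POST") {
    // The cookie is sent automatically, so a POST from an unlisted origin
    // must be refused or any page could post as the logged-in visitor (CSRF).
    if (!allowedOrigin) return { status: 403, headers: {} };
    if (!loggedIn) return { status: 401, headers };
    return { status: 201, headers };
  }
  // Reading comments: the login state is disclosed only to allowlisted origins.
  return { status: 200, headers, canComment: allowedOrigin && loggedIn };
}

// Browser side, inside comments.js. The cookie must have been set by site1 with
// "SameSite=None; Secure" (hence HTTPS, an assumption) to be sent from site2 pages.
function loadComments(pageUrl, onDone) {
  const xhr = new XMLHttpRequest();
  // The "page" query parameter is an assumption, not taken from the thread.
  xhr.open("GET", "https://www.site1.ru/comments.php?page=" + encodeURIComponent(pageUrl));
  xhr.withCredentials = true; // without this, XMLHttpRequest omits cross-origin cookies
  xhr.onload = () => onDone(xhr.status, xhr.responseText);
  xhr.send();
}
```
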