I’m trying to set a same cookie on a website A and a website B.
I’m using xhr to send a request from the website A to the website B.
Here’s the code that I use:
JS code from the website A:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'https://websiteb.com/?sessid=<?php echo session_id(); ?>', true);
xhr.withCredentials = true;
xhr.send(null);
PHP code from the website B:
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Headers: Set-Cookie");
header("Access-Control-Allow-Origin: https://websiteA.tld");
header('Content-Type: application/json');
setcookie('PHPSESSID', $_GET['sessid'], array(
'expires' => time() + $cookielifetime,
'path' => '/',
'secure' => true,
'httponly' => false,
'SameSite' => 'None'
));
From my home computer (using Google Chrome Canary) it works.
But from my laptop (and my friend’s laptop), the cookie’s not set.
I tried to send a postman post request to see if the cookie would be set, but I only get the website A’s cookie.
Is there somebody here that can help me (or can tell me how I can set a cookie on a different domain)?