How to set a cookie for another domain

Say I have a website called, and when a specific page of this site is loaded, say page link, I like to set a cookie for another site called, then redirect the user to

I mean, on load of I want to set a cookie for and redirect user to

I tested it, and browser actually received the cookie from, but it didn't send that cookie on the redirection request to Is it normal?

Can we set cookies for other domains?

You cannot set cookies for another domain. Allowing this would present an enormous security flaw.

You need to get to set the cookie. If redirect the user to

The setcookie script could contain the following to set the cookie and redirect to the correct page on

    setcookie('a', $_GET['c']);

Similar to the top answer, but instead of redirecting to the page and back again which will cause a bad user experience you can set an image on domain A.

<img src="" style="display:none;">

And then on domain B that is in cookie.php you'll have the following code:

    setcookie('a', $_GET['val']);

Hattip to Subin

Probaly you can use Iframe for this. Facebook probably uses this technique. You can read more on this here. Stackoverflow uses similar technique, but with HTML5 local storage, more on this on their blog

Setting cookies for another domain is not possible.

If you want to pass data to another domain, you can encode this into the url.  -> (and set cookie) ->

You can't, at least not directly. That would be a nasty security risk.

While you can specify a Domain attribute, the specification says "The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server."

Since the origin server is and that does not include, it can't be set.

You would need to get to set the cookie instead. You could do this via (for example) HTTP redirects to and back.

In case you have and instead of just and you can issue a cookie for domain - it will be accepted and sent to both of the domains.

see RFC6265:

The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. For example, the user agent will accept a cookie with a Domain attribute of "" or of "" from, but the user agent will not accept a cookie with a Domain attribute of "" or of "".

NOTE: For security reasons, many user agents are configured to reject Domain attributes that correspond to "public suffixes". For example, some user agents will reject Domain attributes of "com" or "". (See Section 5.3 for more information.)

But the above mentioned workaround with image/iframe works, though it's not recommended due to its insecurity.

You can't, but... If you own both pages then...

1) You can send the data via query params (

2) You can create an iframe of Site B inside site A and you can send post messages from one place to the other. As Site B is the owner of site B cookies it will be able to set whatever value you need by processing the correct post message. (You should prevent other unwanted senders to send messages to you! that is up to you and the mechanism you decide to use to prevent that from happening)

In this link, we will find the solution Link.

setcookie("TestCookie", "", time() - 3600, "/~rasmus/", "", 1);

Send a POST request from A. Post requests are on the serverside only and can't be accessed by the client.

You can send a POST request from to using CURL (recommended, serverside) or a hidden method="POST" form (clientside). If you go for the latter, you might want to obfuscate your JavaScript so that the user won't be able to understand the algorithm and interfere with it.

Make a gateway on to set cookies:

    if (isset($_POST['data']) {
        setcookie('a', $_POST['data']);

If you want to bring security a step further, implement a function on both sides ( and to encrypt (on and decrypt (on data using a cryptographic cypher.

If you're trying to do something that must be absolutely secure (e.g. transfer a login session) try oAuth or take some inspiration from