PHPackages richardhj/contao-crossdomaincookies - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. richardhj/contao-crossdomaincookies ActiveContao-module richardhj/contao-crossdomaincookies =================================== v0.9.0(8y ago)012[1 issues](https://github.com/richardhj/contao-crossdomaincookies/issues)LGPL-3.0+PHPPHP ^5.4 || ^7.0 Since Sep 18Pushed 8y ago1 watchersCompare [ Source](https://github.com/richardhj/contao-crossdomaincookies)[ Packagist](https://packagist.org/packages/richardhj/contao-crossdomaincookies)[ RSS](/packages/richardhj-contao-crossdomaincookies/feed)WikiDiscussions master Synced 2d ago READMEChangelog (1)Dependencies (4)Versions (2)Used By (0) Contao CrossDomainCookies ========================= [](#contao-crossdomaincookies) [![Latest Version on Packagist](https://camo.githubusercontent.com/a3b0b36212c62e76e3e4de1ba0a735abe10ae8cb1b287a75a5404ff6da972ebb/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f72696368617264686a2f636f6e74616f2d63726f7373646f6d61696e636f6f6b6965732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/richardhj/contao-crossdomaincookies)![Software License](https://camo.githubusercontent.com/2bc95db9d4d6b319fe40fe1a46431a18f9684b30d516775115c5d0df6aa3e9b4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4c47504c2d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)[![Dependency Status](https://camo.githubusercontent.com/05e71c8296586bfe8c0a174a18de310d13ff068656f0978fef57b36be3398107/68747470733a2f2f7777772e76657273696f6e6579652e636f6d2f7068702f72696368617264686a3a636f6e74616f2d63726f7373646f6d61696e636f6f6b6965732f62616467652e7376673f7374796c653d666c61742d737175617265)](https://www.versioneye.com/php/richardhj:contao-crossdomaincookies) Cross-link between pages with different domain names of a Contao installation—and keep certain cookies alive. It will be possible to handle a member authentication between multiple domains. Or the isotope cart. Install ------- [](#install) Via composer ``` $ composer require richardhj/contao-crossdomaincookies ``` Usage ----- [](#usage) - Make sure that all domains used in the Contao installation are set in the "dns" field of the root pages. - The user has to click a link in order to fetch the cookies of the site (he/she originally logged in). Include the link with an InsertTag. InsertTags ---------- [](#inserttags) InsertTagDescriptionExample`{{link_url_cdc::99}}`Url to other site`https://site-b.local?t=0000…``{{link_open_cdc::99}}`Link opening tag linking to the other site```{{link_close}}`Link closing tag (Contao core)``Make sure to replace `99` with the id or alias of the other page. How it works ------------ [](#how-it-works) Page A and Page B are part of one Contao installation. When hyperlinking from Page A to Page B, the link looks like `https://page-b.local/?o=page-a.local&t=zyxitopjfsetbjjutwsdf` As you can see, two get parameters are added to the page uri: ParameterRoleoThe page redirected from and the origin of the cookies (where the cookies will be fetched from)tA token, just for security purposesWhen being on Page B—and the get parameters are present—, a javascript will be included. This script will create the cookies on Page B. The script will get loaded from `https://page-a.local`, therefore the cookies are the ones present on Page A. The javascript looks like ``` document.cookie = "FE_USER_AUTH=; expires=Sun, 10 Sep 2017 17:34:31 GMT; path=/"; document.cookie = "FE_AUTO_LOGIN=abcdefghijklmnopqr; expires=Mon, 11 Dec 2017 17:34:31 GMT; path=/"; ``` That's the magic behind cross domain cookies. Security -------- [](#security) A few words about the security and vulnerability: The extension automatically loads a javascript from a site that is given as a get parameter. The get parameter can be easily modified and this extension would be a great example for XSS-vulnerably in practice. So this extension needs to check that the url given as get parameter is part of the Contao installation. So before including the javascript from the other domain, it verifies that the other domain can be found in the "dns" fields of the root pages of the Contao installation. In order to handle the authentication cross-domain, this extension activates auto\_login ("Remember me") for the particular user. That means, that the user will not get logged out by closing the window, which is the default behavior. This is because Contao checks the auth cookie against the session\_id which is bound to a cookie as well and will therefore change on the other domain. This might be a problem for websites with sensible data and users who forget to log out. To keep the problem down, the auto\_login cookie will expire after a few time. License ------- [](#license) The GNU Lesser General Public License (LGPL). Feel free to contribute. ### Health Score 22 — LowBetter than 22% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity5 Limited adoption so far Community7 Small or concentrated contributor base Maturity48 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 3159d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1284725?v=4)[Richard Henkenjohann](/maintainers/richardhj)[@richardhj](https://github.com/richardhj) --- Top Contributors [![richardhj](https://avatars.githubusercontent.com/u/1284725?v=4)](https://github.com/richardhj "richardhj (25 commits)") --- Tags contao ### Embed Badge ![Health badge](/badges/richardhj-contao-crossdomaincookies/health.svg) ``` [![Health](https://phpackages.com/badges/richardhj-contao-crossdomaincookies/health.svg)](https://phpackages.com/packages/richardhj-contao-crossdomaincookies) ``` ### Alternatives [codefog/contao-haste haste extension for Contao Open Source CMS 42650.8k139](/packages/codefog-contao-haste)[contao-community-alliance/dc-general Universal data container for Contao 1578.3k86](/packages/contao-community-alliance-dc-general)[codefog/contao-news_categories News Categories bundle for Contao Open Source CMS 3183.3k6](/packages/codefog-contao-news-categories)[terminal42/contao-node Node bundle for Contao Open Source CMS 3172.5k4](/packages/terminal42-contao-node)[terminal42/dcawizard dcaWizard extension for Contao Open Source CMS 10370.7k15](/packages/terminal42-dcawizard) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)