Hi,

I wish to invoke a REST service from my Drupal site. This is working fine using the drupal_http_request function

$url="https://xxx.org/restservice.ashx";
$headers=array ('Content-Type'=>'text/xml');
$response=drupal_http_request($url, $headers, 'GET', NULL);

However, I need to pass a browser cookie to the REST service as a header, e.g. one that Firefox stores when I log into a particular (non-drupal) site.

These browser cookies are not included in the $_COOKIE array, however I can see it listed if I go to my Firefox browser and 'view all cookies'. Is there any way I can access a browser cookie and insert it into my drupal code as a property in the $headers array?

Thanks,
Deirdre

Comments

mitchmac’s picture

If the cookie is set by a server with a different domain name, for security reasons, the browser will not allow the server to interact with it.

deirdrelee’s picture

Is there some way that we can extend the cookie_domain to allow the server to interact with these 'external' cookies. Our scenario is that we have an external tool embedded on our website in an iFrame, and it is the cookies of this tool that we need to interact with.

Thanks for all your help.
D

scor’s picture

Say Drupal is the siteA, the other site hosting the REST service is siteB and you are logged into both of them. If you use drupal_http_request from siteA to siteB, your browser cookie will not be sent to siteB because it's the server (siteA) which sends the request and not your browser. However if you embed an iframe in the siteA which calls the siteB then your browser cookie will be sent to siteB.

There is no way your browser will send siteB's cookie to siteA unless there are on the same domain, otherwise that would be a security hole in the browser.

A solution would be to have both site hosted on the same root domain and one be a subdomain.

texas-bronius’s picture

Hi- Super-old question, but one to which I was looking for an answer as well. Passing client browser cookie to Drupal to serve to remote http GET and POST request is possible by mashing down and passing along the PHP-stored $_COOKIE value. I've written about it in more detail here:
http://www.bronius.com/pass-browser-cookie-values-drupal-http-request-us...

Good luck!
-Bronius

--
http://drupaltees.com
80s themed Drupal T-Shirts