I’ve spent the last few days re-writing our login process to handle a switch to using a third-party server for user tracking. Specifically, where before the login and tracking was handled by the same domain, now the login is processed at one domain but the tracking cookie is served on a subdomain (for technical reasons that aren’t really important here).
document.domain = 'mydomain.com';
…tells them both to use the same domain.
Just thinking of the hours I’ve wasted trying to work around these problems, when the fix was so simple, makes me want to cry. Hey ho.
FYI it only works when the domain is the same — you couldn’t use this to allow communication between frames from, say www.mydomain.com and www.yourdomain.com.
[* The third-party cookie problem with IE also required setting a compact domain policy.]