A 1st domain makes a request to a 2nd domain using a URI including the name of the 2nd domain, a public path for the domains, and a cryptographically secure path generated by the 1st domain. The 2nd domain makes a request to the 1st domain using a URI including the name of the 1st domain, the pre-defined public path, and the cryptographically secure path. The 1st domain or the 2nd domain sets a cookie including a message (the cookie's path scope includes the pre-defined public path and the cryptographically secure path, the cookie's domain scope includes all sub-domains of the nearest common ancestor for the 1st and 2nd domains), and makes a request to the other domain using a URI including the name of the other domain, the pre-defined public path, and the cryptographically secure path, which causes a web browser to send the cookie to the other domain.