SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Addict aniltc's Avatar
    Join Date
    Nov 2006
    Location
    INDIA
    Posts
    399
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Angry cross-domain cookies

    hi

    whatt is cross-domain cookies?how can we implement this in php?

    please help me

  2. #2
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cross domain cookies are impossible but you can simulate them by having a shared place that the domains have access to and using that to read & write the cookie information between the other domains so you get the effect of cross domain cookies.

  3. #3
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,868
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Cookies can only be set by code running on the same domain. To set a cookie on a different domain (a third party cookie) the code needs to come from that domain and be contained in an image or iframe.

    All sensible people have third party cookies disabled once they realise what advertisers use them for and so when you set it up that way it will only be the stupid poeple and beginners who don't know any better who have the cookie saved.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  4. #4
    SitePoint Wizard frank1's Avatar
    Join Date
    Oct 2005
    Posts
    1,392
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by markl999 View Post
    Cross domain cookies are impossible but you can simulate them by having a shared place that the domains have access to and using that to read & write the cookie information between the other domains so you get the effect of cross domain cookies.
    well suppose there is two domains and each domain writes cookie using there own url name..

    and at the time of giving permission cant we check for existence of cookie of either site..and do the task...i am talking in context of poll
    if there is cookie from either of the site then not allowed to vote

    can it be done?

  5. #5
    SitePoint Addict aniltc's Avatar
    Join Date
    Nov 2006
    Location
    INDIA
    Posts
    399
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    php?

    How can we do cross domain cookie technique in php?

    anybody done it?

  6. #6
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    No, cross-domain cookies do not exist.

    The only thing you could do is to use the same domain, but with different subdomains (e.g. site1.example.com and site2.example.com).

    Reading another site's cookies is impossible in PHP.

  7. #7
    SitePoint Addict aniltc's Avatar
    Join Date
    Nov 2006
    Location
    INDIA
    Posts
    399
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But yahoo create a cookies for doubleclick.net?

    yahoo already proof that success to create multiple domain cookies

  8. #8
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,198
    Mentioned
    4 Post(s)
    Tagged
    1 Thread(s)
    x.com domain can not set cookied for y.com domain. The cookies are restricted to the domain that set it, unless you breach the security on your visitors computer.

    You can try to set a thirdparty cookie, by adding a image etc from a different domain and at the same time setting the cookie. The problem is as others has mentioned that people turn off thirdparty cookies as they are in 99&#37; of the cases used for ads and spam purposes.

    Instead of saying the same over and over again, why dont you go and read up on the cookie specifications?

  9. #9
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by aniltc View Post
    But yahoo create a cookies for doubleclick.net?

    yahoo already proof that success to create multiple domain cookies
    No, doubleclick.net set that cookie themselves, using their advert images/ flash. Yahoo doesn't set it for them.

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,868
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Any code embeded in a web page directly from another site can set a third party cookie for that other site on any computer where ther person is stupid enough or ignorant enough of security issues to have not disabled third party cookies. The page needs to be actually running a script on that remote site from the current page in order to do that. This can be done either using iframes or by using a remote hosted server side script that delivers the ad as an image after running the server side processing on their own site to attempt to set the third party cookie.

    There are three types of cookies.

    1. Session cookies are set by the current page and are accessible from any page within the same domain for as long as the browser remains open. Since they are never written out anywhere they are gone when the browser closes.

    2. First party cookies stored by the page being displayed. These are written to disk and are retained until the specified expiry date. Whether they are accessible from the whole domain, a specific sub-domain or a specific folder within the domain/sub-domain depends on the path and domain values set when saving the cookie.

    3. Third party cookies set from within iframes displaying content from other domains or from server side scripts called from other domains. These work the same way as for first party cookies except that they can only be accessed from code running on that remote domain. Since this allows them to be accessed from any page that includes code from that remote domain and since this form of remote link is usually used for displaying advertising, most people disable third party cookies in their browser as not doing so allows the advertisers to track their viewing habits across all the different sites that display their ads.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  11. #11
    SitePoint Addict aniltc's Avatar
    Join Date
    Nov 2006
    Location
    INDIA
    Posts
    399
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Angry

    Quote Originally Posted by felgall View Post

    Third party cookies set from within iframes displaying content from other domains or from server side scripts called from other domains. These work the same way as for first party cookies except that they can only be accessed from code running on that remote domain. Since this allows them to be accessed from any page that includes code from that remote domain and since this form of remote link is usually used for displaying advertising, most people disable third party cookies in their browser as not doing so allows the advertisers to track their viewing habits across all the different sites that display their ads.
    I am not getting what is third party cookies

    can we acess the cookies using other domains? i mean supppose i have a domain 'A' and a cookie has
    been created .The other domain is 'B' .is it poosible to read the cookie which is created by domain 'A' ?
    (if it is from same or diffrent servers)

  12. #12
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by aniltc View Post
    I am not getting what is third party cookies

    can we acess the cookies using other domains? i mean supppose i have a domain 'A' and a cookie has
    been created .The other domain is 'B' .is it poosible to read the cookie which is created by domain 'A' ?
    (if it is from same or diffrent servers)
    No

    If you need it more readable:
    NO
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  13. #13
    SitePoint Addict aniltc's Avatar
    Join Date
    Nov 2006
    Location
    INDIA
    Posts
    399
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is it possible through javascript?

    I mean appending to URL ? is it possible to read the cookie using other domains from client machines using javascript?

  14. #14
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by aniltc View Post
    I mean appending to URL ? is it possible to read the cookie using other domains from client machines using javascript?
    That's describing a different scenario.

    Domiain1.com sets and read a cookie lets say its payload includes a key.

    id="123abcyeragit";

    then a page on domain can send this user to domain2 with either a POST value or a GET value like this:

    a href="domain2.com/users/getUser.php?k=123abcyeragit" >

    Domain2 can now read that key using the value of $_GET['k'] and then set its own cookie with id=123abcyeragit.

    There's all kind of security considerations using that system.

  15. #15
    SitePoint Addict aniltc's Avatar
    Join Date
    Nov 2006
    Location
    INDIA
    Posts
    399
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what i am interested here ,is it possible to read the cookies using javascripts which is created by others ?

  16. #16
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    No. And although it may work in some strange cases (e.g. when using frames) this will hardly be dependable.

    Let's just keep it at the following: cookies are only available to the domain that set them.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •