cross-domain cookies?

Discussion in 'Javascript' started by yawnmoth, Jun 12, 2006.

  1. yawnmoth

    yawnmoth Guest

    If running off of the local filesystem, in Firefox, or if the security
    settings are set appropriately, in Internet Exporer, XmlHttpRequests
    can be sent to any domain of your chosing. But what about cookies?
    Can cookies be accessed for any domain of your chosing?

    For example, although www.domaina.tld can't access cookies for
    www.domainb.tld, can c:\ access cookies for www.domainb.tld?

    The way cookies are accessed in javascript (document.cookies) would
    suggest not, but I just wanted to make sure. Thanks.
    yawnmoth, Jun 12, 2006
    #1
    1. Advertising

  2. yawnmoth

    Randy Webb Guest

    yawnmoth said the following on 6/12/2006 3:18 AM:
    > If running off of the local filesystem, in Firefox, or if the security
    > settings are set appropriately, in Internet Exporer, XmlHttpRequests
    > can be sent to any domain of your chosing. But what about cookies?


    Probably not. Did you test it?

    > Can cookies be accessed for any domain of your chosing?


    Probably not. Did you test it?

    > For example, although www.domaina.tld can't access cookies for
    > www.domainb.tld, can c:\ access cookies for www.domainb.tld?


    Probably not. Did you test it?

    > The way cookies are accessed in javascript (document.cookies) would
    > suggest not, but I just wanted to make sure. Thanks.


    No, and testing it would have shown it.

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Jun 12, 2006
    #2
    1. Advertising

  3. yawnmoth

    yawnmoth Guest

    Randy Webb wrote:
    > yawnmoth said the following on 6/12/2006 3:18 AM:
    > > If running off of the local filesystem, in Firefox, or if the security
    > > settings are set appropriately, in Internet Exporer, XmlHttpRequests
    > > can be sent to any domain of your chosing. But what about cookies?

    >
    > Probably not. Did you test it?
    >
    > > Can cookies be accessed for any domain of your chosing?

    >
    > Probably not. Did you test it?
    >
    > > For example, although www.domaina.tld can't access cookies for
    > > www.domainb.tld, can c:\ access cookies for www.domainb.tld?

    >
    > Probably not. Did you test it?
    >
    > > The way cookies are accessed in javascript (document.cookies) would
    > > suggest not, but I just wanted to make sure. Thanks.

    >
    > No, and testing it would have shown it.

    All testing would do is show that document.cookies doesn't work. As
    far as I know (or knew, or whatever) there are other ways. But who
    knows - maybe you're familiar with some testing procedure that'll
    eliminate the possiblity of other approaches? If so, I'd certainly be
    interested in knowing what it is. 'cause being able to test A to
    confirm whether or not B and C work, without even knowing what B and C
    are, would be convenient.
    yawnmoth, Jun 12, 2006
    #3
  4. yawnmoth

    Randy Webb Guest

    yawnmoth said the following on 6/12/2006 2:40 PM:
    > Randy Webb wrote:
    >> yawnmoth said the following on 6/12/2006 3:18 AM:
    >>> If running off of the local filesystem, in Firefox, or if the security
    >>> settings are set appropriately, in Internet Exporer, XmlHttpRequests
    >>> can be sent to any domain of your chosing. But what about cookies?

    >> Probably not. Did you test it?
    >>
    >>> Can cookies be accessed for any domain of your chosing?

    >> Probably not. Did you test it?
    >>
    >>> For example, although www.domaina.tld can't access cookies for
    >>> www.domainb.tld, can c:\ access cookies for www.domainb.tld?

    >> Probably not. Did you test it?
    >>
    >>> The way cookies are accessed in javascript (document.cookies) would
    >>> suggest not, but I just wanted to make sure. Thanks.

    >> No, and testing it would have shown it.

    > All testing would do is show that document.cookies doesn't work.


    And that was your question wasn't it? Would c:\ be able to access
    cookies from a domain and the answer is no.

    > As far as I know (or knew, or whatever) there are other ways.


    To get a cookie from a domain from c:\? No. You fall into the security
    zone/issues.

    > But who knows - maybe you're familiar with some testing procedure that'll
    > eliminate the possiblity of other approaches? If so, I'd certainly be
    > interested in knowing what it is. 'cause being able to test A to
    > confirm whether or not B and C work, without even knowing what B and C
    > are, would be convenient.


    The only way to tell you how to test whether something "works" or not is
    to know what you are trying to do. As for reading cookies, you can't
    read them.

    Is there some other issue or effect you are trying to create by trying
    to read the cookies or just wanting to read the cookies?

    --
    Randy
    comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
    Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
    Randy Webb, Jun 13, 2006
    #4
  5. yawnmoth

    Guest

    yawnmoth wrote:
    > If running off of the local filesystem, in Firefox, or if the security
    > settings are set appropriately, in Internet Exporer, XmlHttpRequests
    > can be sent to any domain of your chosing. But what about cookies?
    > Can cookies be accessed for any domain of your chosing?
    >
    > For example, although www.domaina.tld can't access cookies for
    > www.domainb.tld, can c:\ access cookies for www.domainb.tld?
    >
    > The way cookies are accessed in javascript (document.cookies) would
    > suggest not, but I just wanted to make sure. Thanks.


    Dear sir,
    If you speak of accessing cookies remotely, then no you cannot access a
    cookie from another domain. If you are speaking of accessing the
    cookies from the computer using local hard drives, then not exactly, as
    you will be forced to figure out a way to unescape the cookie without
    using JavaScript (JavaScript wouldn't work because you are trying to do
    the process locally, and JavaScript would probably run into the same
    domain access problem.) If you wish to access a cookie, the closest
    you will get is to go to the folder C:\Documents and
    Settings\*yourusername*\Cookies\ replacing the *yourusername*
    with your user name. In this case, you will find yourself opening up
    the cookies with Notepad, and they will remain unreadable because they
    are still escaped. I don't know of any local unescaping freeware, but
    you can search for it.

    I have the honor to remain your most humble and Ob't Sv't in our war
    against the King.

    --
    Patrick Reilly
    1st Coy.
    Colonel Seth Warner's Regiment
    , Jun 13, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    3,454
    CyberOwl
    Sep 7, 2009
  2. Martin Doyle

    Cross-domain cookie synchronisation

    Martin Doyle, Apr 20, 2005, in forum: Java
    Replies:
    0
    Views:
    897
    Martin Doyle
    Apr 20, 2005
  3. Replies:
    0
    Views:
    338
  4. _Who
    Replies:
    7
    Views:
    2,653
  5. Buzby

    newbie: setting cross domain cookies

    Buzby, Feb 24, 2005, in forum: Javascript
    Replies:
    2
    Views:
    441
    Buzby
    Feb 24, 2005
Loading...

Share This Page