cross-domain cookies?

[yawnmoth]

If running off of the local filesystem, in Firefox, or if the security
settings are set appropriately, in Internet Exporer, XmlHttpRequests
can be sent to any domain of your chosing. But what about cookies?
Can cookies be accessed for any domain of your chosing?

For example, although www.domaina.tld can't access cookies for
www.domainb.tld, can c:\ access cookies for www.domainb.tld?

The way cookies are accessed in javascript (document.cookies) would
suggest not, but I just wanted to make sure. Thanks.

 

[Randy Webb]

yawnmoth said the following on 6/12/2006 3:18 AM:

If running off of the local filesystem, in Firefox, or if the security
settings are set appropriately, in Internet Exporer, XmlHttpRequests
can be sent to any domain of your chosing. But what about cookies?

Probably not. Did you test it?

Can cookies be accessed for any domain of your chosing?

Probably not. Did you test it?

For example, although www.domaina.tld can't access cookies for
www.domainb.tld, can c:\ access cookies for www.domainb.tld?

Probably not. Did you test it?

The way cookies are accessed in javascript (document.cookies) would
suggest not, but I just wanted to make sure. Thanks.

No, and testing it would have shown it.

 

[yawnmoth]

yawnmoth said the following on 6/12/2006 3:18 AM:

Probably not. Did you test it?


Probably not. Did you test it?


Probably not. Did you test it?


No, and testing it would have shown it.

All testing would do is show that document.cookies doesn't work. As
far as I know (or knew, or whatever) there are other ways. But who
knows - maybe you're familiar with some testing procedure that'll
eliminate the possiblity of other approaches? If so, I'd certainly be
interested in knowing what it is. 'cause being able to test A to
confirm whether or not B and C work, without even knowing what B and C
are, would be convenient.

 

[Randy Webb]

yawnmoth said the following on 6/12/2006 2:40 PM:

All testing would do is show that document.cookies doesn't work.

And that was your question wasn't it? Would c:\ be able to access
cookies from a domain and the answer is no.

As far as I know (or knew, or whatever) there are other ways.

To get a cookie from a domain from c:\? No. You fall into the security
zone/issues.

But who knows - maybe you're familiar with some testing procedure that'll
eliminate the possiblity of other approaches? If so, I'd certainly be
interested in knowing what it is. 'cause being able to test A to
confirm whether or not B and C work, without even knowing what B and C
are, would be convenient.

The only way to tell you how to test whether something "works" or not is
to know what you are trying to do. As for reading cookies, you can't
read them.

Is there some other issue or effect you are trying to create by trying
to read the cookies or just wanting to read the cookies?

 

[pegasusflightresources]

If running off of the local filesystem, in Firefox, or if the security
settings are set appropriately, in Internet Exporer, XmlHttpRequests
can be sent to any domain of your chosing. But what about cookies?
Can cookies be accessed for any domain of your chosing?

For example, although www.domaina.tld can't access cookies for
www.domainb.tld, can c:\ access cookies for www.domainb.tld?

The way cookies are accessed in javascript (document.cookies) would
suggest not, but I just wanted to make sure. Thanks.

Dear sir,
If you speak of accessing cookies remotely, then no you cannot access a
cookie from another domain. If you are speaking of accessing the
cookies from the computer using local hard drives, then not exactly, as
you will be forced to figure out a way to unescape the cookie without
using JavaScript (JavaScript wouldn't work because you are trying to do
the process locally, and JavaScript would probably run into the same
domain access problem.) If you wish to access a cookie, the closest
you will get is to go to the folder C:\Documents and
Settings\*yourusername*\Cookies\ replacing the *yourusername*
with your user name. In this case, you will find yourself opening up
the cookies with Notepad, and they will remain unreadable because they
are still escaped. I don't know of any local unescaping freeware, but
you can search for it.

I have the honor to remain your most humble and Ob't Sv't in our war
against the King.