Donald Canton said:
Hi,
I just changed my browser settings to override automatic cookie
handling and block all third party cookies. Now I'm curious. How are
third party cookies allowed in the first place? I thought only the
domain of the web site visited could store and retrieve cookies?
-dc
Are you sure its a third party cookie? I thought my idea was unique, but
its not - I've seen it somewhere else... I've not proven this myself, but
my little Javascript makes me *believe* this is possible...
When createing a cookie, you can pass it your domain name. Thus (I
*believe) if you are site abc.com, you can create a cookie for def.com -
Once abc.com has planted the def.com cookie, then abc.com cannot re-read or
change it - only def.com can.
Some websites to this that might for example, have one website offering you
access to partner websites (on different domains). The website you log on
to could create a cookie for each of the other partner websites to
acknowledge that you have logged on successfully with them.
An alternative method (which I have not tried) is a javascript on a third
party server (for example
http://def.com/example.js) could be executed from
within html from
http://abc.com/page.html This *might* permit the example.js
script to plant a cookie...
Perhaps someone might be able to comment on what I've said above - I know
the rough limitations of cookies but do believe the above could be
workarounds for some solutions.
Hope that gives you some insight to a solution and I'd be interested if you
have better Javascript skills than mine to give the above a try...
