Getting setting cookies on different domains, with javascript or other
You could inject a script element into HEAD of the document with a callback that passes the cookie you need to whatever function needs it.
Something like:
<script type="text/javascript">
var newfile=document.createElement('script');
newfile.setAttribute("type","text/javascript");
newfile.setAttribute("src", 'http://first.com/doAjax?getCookie&callback=passCookie');
document.getElementsByTagName("head")[0].appendChild(newfile);
</script>
And the page first.com/doAjax?getCookie could do this:
passCookie({'name':'mycookie', 'value':'myvalue'});
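An added example (not part of the original answer): one way first.com could build the `doAjax?getCookie&callback=...` reply so that only pages it trusts receive the cookie value and the callback parameter cannot carry script. `ALLOWED_SITES`, the function names and the Referer-based caller check are assumptions of this example.

```javascript
// Added example: reply logic for first.com/doAjax?getCookie&callback=...
// ALLOWED_SITES and all function names are assumptions, not from the page.
const ALLOWED_SITES = new Set(['http://second.com']);
// Plain identifier only, so the callback value cannot smuggle extra script.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Parse a Cookie request header into a prototype-free name -> value map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of (header || '').split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq < 1) continue; // no name or no "="
    const raw = pair.slice(eq + 1);
    try { jar[pair.slice(0, eq)] = decodeURIComponent(raw); }
    catch { jar[pair.slice(0, eq)] = raw; } // keep malformed escapes as-is
  }
  return jar;
}

// Origin of the including page, or null when Referer is absent or malformed.
function refererOrigin(referer) {
  try { return new URL(referer).origin; } catch { return null; }
}

// Build the JSONP reply; refuse unsafe callbacks and unlisted callers.
function jsonpCookieResponse({ callback, cookieName, cookieHeader, referer }) {
  if (!CALLBACK_RE.test(callback || '')) return { status: 400, body: '' };
  if (!ALLOWED_SITES.has(refererOrigin(referer))) return { status: 403, body: '' };
  const jar = parseCookies(cookieHeader);
  if (!(cookieName in jar)) return { status: 404, body: '' };
  // Escape "<" and the JS line separators that JSON.stringify leaves intact.
  const payload = JSON.stringify({ name: cookieName, value: jar[cookieName] })
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: `${callback}(${payload});`,
  };
}
```

Browsers may omit the Referer header, in which case this code refuses the request rather than guessing who the caller is.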
Luca Matteis
http://scholar.google.com/citations?user=4shOPsgAAAAJ&hl=en
Updated on July 09, 2022
Comments
-
Luca Matteis almost 2 years
Haven't been able to find anything particular to this situation online so here I go... I need to set/get the cookies stored at "first.com" while browsing "second.com". I have full access to "first.com" but I only have JavaScript access (can manipulate the DOM as I want) on "second.com".
My first approach was to create an iframe on second.com (with JS) that loaded a page like "first.com/doAjax?setCookie=xxx" and that did an Ajax call to, say, "first.com/setCookie?cookieData=xxx", which would set the cookie on "first.com" with the data we passed around.
That pretty much worked fine for setting the cookie on first.com from second.com. For getting a cookie I basically followed the same procedure: created the iframe that loaded "first.com/doAjax?getCookie" and that would do an Ajax call to, say, "first.com/getCookie", which would read the cookie info on first.com and return it as a JSON object.
The problem is that I'm unable to bring that JSON cookie object back to "second.com" so I can read it. Well, maybe I could just bring it when the Ajax call is complete using "window.top", but there are timing issues because it's not relative to when the iframe has been loaded. I hope I am clear and was wondering if there's an easier solution rather than this crazy iframe->ajax crap. It also seems like this won't even work for getting cookies in SAFARI.
-
Ryan Doherty over 15 years
Just a note that this is really insecure as anyone could set and get cookies for first.com
-
Pacerier about 12 years
@Luca And if the user had third-party cookies disabled, you won't even be able to set the cookie in the iframe in the first place.
-
Luca Matteis over 15 years
I can't use the script tag to read cookies from a different domain, right? I need to actually be on first.com to actually read its cookies, I can't just add a script tag to second.com to get the cookieData... therefore I need to use an iframe, or I don't know... Maybe I didn't understand your answer, let me know.
-
Ryan Doherty over 15 years
You aren't technically using a script tag to read the cookie values, the script is included into your page, therefore it is in the same scope and can call any function on second.com
-
Luca Matteis over 15 years
Okay, but the script tag evaluates itself on second.com, therefore reading the cookies from second.com, not first.com
-
Ryan Doherty over 15 years
Yes, it is evaluated, but the contents of the script are generated on first.com, therefore it can pass the cookie values to second.com
-
Luca Matteis over 15 years
What, really? Does that work for setting cookies as well? Is it cross-browser?
-
Luca Matteis over 15 years
Now I know the result of the script tag gets evaluated in the global scope, but what if I'm returning plain JSON like {"one":"hi"}, how am I supposed to call that if it's in the global scope... I guess I could name the object like var myData = {"one":"hi"}, but maybe there's a better solution.
-
Luca Matteis over 15 years
Apparently this method only works in Firefox. I tested it in Safari and IE6, both didn't seem to be able to set/get cookies...
-
Luca Matteis over 15 years
Like I said above, this by the way only works in Firefox... any ideas?
-
Ryan Doherty over 15 years
I have no idea what's going on, you'll need to do more debugging.
-
Luca Matteis over 15 years
I'm able to GET cookies fine with the method provided by Ryan Doherty, it seems like it SETs cookies as well on most of the browsers except Safari.
-
Volomike over 11 years
This didn't work for me. I received the response in Chrome: XMLHttpRequest cannot load second.com/test.php. Origin first.com is not allowed by Access-Control-Allow-Origin.
-
Stephan over 9 years
@LucaMatteis ... as long as CORS (dev.w3.org/2006/waf/access-control) is not enabled.
-
germs12 over 9 years
That's a CORS issue. Unrelated to the cookie issue.