0

i've a question about cookie and domains.

Suppose I drop a cookie to a user from domain www.firstdomain.com. Suppose the user visits another page under the domain: www.seconddomain.com. How can I access to my cookie previously set from this page? I know that access to a cookie with domain=firstdomain from a domain=seconddomain is not possible, but if I've the possibility to use an iframe on the page www.seconddomain.com and I load the iframe from www.firstdomain.com/something, then can I access to my cookie?

Thank in advance,

Alessio

display-name-is-missing
  • 4,424
  • 5
  • 28
  • 41
AlessioG
  • 576
  • 5
  • 13
  • 32
  • possible duplicate of [PHP read a cookie that is on another domain](http://stackoverflow.com/questions/2919968/php-read-a-cookie-that-is-on-another-domain) – Nick R Feb 17 '14 at 13:58
  • Hi @NickR, I've read previously the question you've indicated but there's no mention to iframe. I want to know whether my solution is plausible. – AlessioG Feb 17 '14 at 14:02

1 Answers1

1

You are flying in the face of internet security and privacy - so while it is possible to do this today you need to anticipate some issues in the future.

It is possible to implement javascript handlers to set and get values from a cookie and the call from different iframes. This I expect is the safest route.

The iframe would have to consent by implementing helper functions to perform these tasks so things remain controlled.

The iFrame would have permission to read the cookie and then can communicate to the parent iframe using a call to the parent window.

An example is here: How to Call Parent Window JavaScript Function inside iframe

Community
  • 1
  • 1
BillyBigPotatoes
  • 1,330
  • 11
  • 23
  • Hi Billy, thanks for your answer. Ok, so you're saying that my solution isn't safe but in the end currently it can work? – AlessioG Feb 17 '14 at 14:07
  • Yes it can work today - as it is possible to pass messages between iframes and as long as one of the iframes is loaded from the correct domain it can have access to the cookie. – BillyBigPotatoes Feb 17 '14 at 14:14