13

I tried it with jQuery:

$.cookie('test', 'value', { expires: 7, path: '/', domain: 'test.com' });

but it won't work.

it's possible to do?

GeertvdC
  • 2,758
  • 1
  • 22
  • 26
MissCc
  • 131
  • 1
  • 1
  • 3
  • 6
    I'm guessing it won't work for a very good set of reasons, not the least of which is that being able to spoof cookies from another domain is a gaping security hole. – David Jun 10 '11 at 12:34
  • I don't know if it's possible but I would be really surprised if you could! That would be a serious flaw! – Uphill_ What '1 Jun 10 '11 at 12:35
  • 2
    Can you do it using delphi from within the browser without the user being asked to execute an application on their local computer? Again, I'm guessing no. – David Jun 10 '11 at 12:37
  • 1
    There is a difference between code running in an application on your computer and code running in a webpage loaded from a website you visited. A big difference. – Quentin Jun 10 '11 at 12:37

3 Answers3

12

Nope, that will not work for security reasons.

alex
  • 479,566
  • 201
  • 878
  • 984
2

It is not possible to do due to security reasons.

if you are in control of the 2nd domain there are some options to share your cookies described already here: What's your favorite cross domain cookie sharing approach?

Community
  • 1
  • 1
GeertvdC
  • 2,758
  • 1
  • 22
  • 26
  • That still won't work unless there is some passing of state over GET (e.g. a nonce that identifies the user). – alex Jun 10 '11 at 12:37
  • @alex i edited my answer cause i didn't describe it properly. possibilities to share a cookie cross domain were already answered elsewhere so linked that question what is saying about the same thing as i meant :) – GeertvdC Jun 10 '11 at 13:08
1

Due to many people abusing it, most browsers block 3rd party either by default or by the user setting such a preference.

From Cookies:

Each cookie also has a domain and a path. The domain tells the browser to which domain the cookie should be sent. If you don't specify it, it becomes the domain of the page that sets the cookie, in the case of this page www.quirksmode.org. Please note that the purpose of the domain is to allow cookies to cross sub-domains. My cookie will not be read by search.quirksmode.org because its domain is www.quirksmode.org . When I set the domain to quirksmode.org, the search sub-domain may also read the cookie. I cannot set the cookie domain to a domain I'm not in, I cannot make the domain www.microsoft.com . Only quirksmode.org is allowed, in this case.

Naveed
  • 41,517
  • 32
  • 98
  • 131