0

I would like to know if it is possible to obtain information about the host address of the domain from which a cookie was created on my webpage?

I have this sittuation:

  1. I'am on "domain A", where I have a script linked from "domain B".
  2. On "domain B" a method is execuded that sets a cookie on my "domain A".

Is there any way to obtain information that the cookie was created from "domain B"?

I need precise information that the cookie originates from "domain B".

FEDEV
  • 1
  • 1
  • Welcome to StackOverflow! Step 2 should not be possible. How can one website create cookies on another website? What are the domain names of A and B? – Heiko Theißen Aug 07 '23 at 12:13
  • Ok, "website a" is any website where we use the code . On "website b" script generates 3 cookies that are saved on "website a" without any information about their source. Is it possible to obtain this information? – FEDEV Aug 07 '23 at 12:22
  • If you load a Javascript file from website B and know that this creates cookies then you already know that these cookies "come from website B". I don't understand your requirement. Technically, these cookies belong to website A, because B is not really a website, it's just Javascript code. – Heiko Theißen Aug 07 '23 at 12:26
  • I apologize for the misunderstanding. If there are multiple "websites b" / scripts then I want to know which exact script loaded the cookie on my "website a". – FEDEV Aug 07 '23 at 13:12
  • "*On "domain B" a method is execuded*" - no. You're still on domain A. What is executed and sets the cookie is the **script** that was originally loaded from domain B, but it's impossible to identify that after the fact. Either have the script cooperate (i.e. identify itself as domain B originating, exposing this info where you need it) or **don't load that script**. – Bergi Aug 07 '23 at 14:55

1 Answers1

0

Modified answer from here https://stackoverflow.com/a/48185552/2213309

<script type="text/javascript">
    function debugAccess(obj, prop, debugGet){
        Object.defineProperty(document, prop, {
            set: function(val) {
                let obj = {};
                try { Error.captureStackTrace(obj, val); }
                catch(e) { obj = e; } // this is needed to make it work in FF
                console.log (`cookie: "${val}"\nstack trace:\n${obj.stack.replace('Error', '')}`);
            }
        });
    debugAccess(document, 'cookie');
</script>

This should print something like the following to the console every time a piece of js code is writing a cookie.

cookie: "cookie=chocolate"
stack trace:
set@http://domain.a/test.html:16:17
@http://domain.b/script.js:1:1

The stack trace can be much longer but the last line should always refer to the initiator script.

The exact output depends on the browser.

flappix
  • 2,038
  • 17
  • 28