13

Suppose i have a cookie set in first.com say user. Now i want to read that cookie in second.com through javascript and ajax. But it is not working.I have got xmlHttp.status=0.

sample code

in the second domain readcookie.php file

var xmlHttp;
    function createXMLHttpRequest(){
        if(window.ActiveXObject)
            xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
        if(window.XMLHttpRequest)
            xmlHttp=new XMLHttpRequest();
    }
    function readcookie(){

        createXMLHttpRequest(); 
        xmlHttp.open("GET","http://www.first.com/cookie.php",true);
        xmlHttp.onreadystatechange=getcookie;
        xmlHttp.send(null);
    }
    function getcookie(){
        if(xmlHttp.readyState==4){
            if(xmlHttp.status==200){
                var reply=xmlHttp.responseText;
                if(reply){
                    alert(reply);
                }
            }
            else
                alert(xmlHttp.status);
        }
    }

in the first domain cookie.php file

if(isset($_COOKIE['user'])){
        echo $_COOKIE['user'];
    }
    else{
        setcookie('user','a2345',0);
        echo $_COOKIE['user'];
    }
manashb
  • 179
  • 1
  • 1
  • 12
  • take a look at http://stackoverflow.com/questions/402348/getting-setting-cookies-on-different-domains-with-javascript-or-other – Nobita Jan 12 '12 at 11:39
  • Can we arrange that first.com specify that it's cookies can be read by second.com? – user4951 Dec 10 '13 at 13:37

2 Answers2

17

You can't read cookies from another domain - end of.

The only way I can think of is to add some code to the 2nd domain that gets the cookies for you and then to place this in a page on the 1st domain, in an iframe.

You obviously need full access to both domains to be able to do this kind of thing.

Reinstate Monica Cellio
  • 25,975
  • 6
  • 51
  • 67
  • why is that we cant read cookies from another domain using Scripting languages? – Pratik Jan 12 '12 at 11:40
  • 5
    For security reasons. If you could read cookies from other domains then every site you visit would have access to every cookie on your PC. – Reinstate Monica Cellio Jan 12 '12 at 11:41
  • Well "security reasons" is fine. But I guess we can access pro grammatically access other cookies using some of scripting languages or ActiveX sort of things for sure! – Pratik Jan 12 '12 at 11:43
  • You can only access cookies from the domain to which they belong. If you have access to the 2nd domain then you can create a script that gets the values for you and use that. The only way to do it is if you have access to the 2nd domain. – Reinstate Monica Cellio Jan 12 '12 at 11:53
  • See the link from Nobita above - it's exactly what I'm talking about. – Reinstate Monica Cellio Jan 12 '12 at 11:54
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/6648/discussion-between-pratik-and-archer) – Pratik Jan 12 '12 at 12:02
  • @Archer i have access to both domain. so is there any problem in my code – manashb Jan 12 '12 at 17:12
  • You can't run ajax across domains either. I'm afraid there's a lot more to it than that. You need to run code from domain2 (in an iframe, for example) so that it can get the cookies and pass the values into the parent (main document). I can only point you in the right direction on this - you're going to need to do some reading on cross-domain security. Start here... http://softwareas.com/cross-domain-communication-with-iframes – Reinstate Monica Cellio Jan 12 '12 at 17:48
  • See: http://www.codeguru.com/csharp/csharp/cs_internet/article.php/c19417/Sharing-Cookies-Across-Domains.htm – peteski Aug 22 '12 at 10:49
8

Your problem is that browsers wont let javascript to access different domain. Add:

header('Content-type: text/html');    
header('Access-Control-Allow-Origin: *');

lines to the beginning of cookie.php and it'll work. Still, you wont get the cookie (or at least in Chrome). I couldnt yet figure out why. It seems as if chrome creates a new session for the javascript and wont let that session access previous cookies. Like HttpOnly.

Semir
  • 81
  • 1
  • 3