Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > cross-domain cookies?

Reply
Thread Tools

cross-domain cookies?

 
 
yawnmoth
Guest
Posts: n/a
 
      06-12-2006
If running off of the local filesystem, in Firefox, or if the security
settings are set appropriately, in Internet Exporer, XmlHttpRequests
can be sent to any domain of your chosing. But what about cookies?
Can cookies be accessed for any domain of your chosing?

For example, although www.domaina.tld can't access cookies for
www.domainb.tld, can c:\ access cookies for www.domainb.tld?

The way cookies are accessed in javascript (document.cookies) would
suggest not, but I just wanted to make sure. Thanks.

 
Reply With Quote
 
 
 
 
Randy Webb
Guest
Posts: n/a
 
      06-12-2006
yawnmoth said the following on 6/12/2006 3:18 AM:
> If running off of the local filesystem, in Firefox, or if the security
> settings are set appropriately, in Internet Exporer, XmlHttpRequests
> can be sent to any domain of your chosing. But what about cookies?


Probably not. Did you test it?

> Can cookies be accessed for any domain of your chosing?


Probably not. Did you test it?

> For example, although www.domaina.tld can't access cookies for
> www.domainb.tld, can c:\ access cookies for www.domainb.tld?


Probably not. Did you test it?

> The way cookies are accessed in javascript (document.cookies) would
> suggest not, but I just wanted to make sure. Thanks.


No, and testing it would have shown it.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
 
Reply With Quote
 
 
 
 
yawnmoth
Guest
Posts: n/a
 
      06-12-2006

Randy Webb wrote:
> yawnmoth said the following on 6/12/2006 3:18 AM:
> > If running off of the local filesystem, in Firefox, or if the security
> > settings are set appropriately, in Internet Exporer, XmlHttpRequests
> > can be sent to any domain of your chosing. But what about cookies?

>
> Probably not. Did you test it?
>
> > Can cookies be accessed for any domain of your chosing?

>
> Probably not. Did you test it?
>
> > For example, although www.domaina.tld can't access cookies for
> > www.domainb.tld, can c:\ access cookies for www.domainb.tld?

>
> Probably not. Did you test it?
>
> > The way cookies are accessed in javascript (document.cookies) would
> > suggest not, but I just wanted to make sure. Thanks.

>
> No, and testing it would have shown it.

All testing would do is show that document.cookies doesn't work. As
far as I know (or knew, or whatever) there are other ways. But who
knows - maybe you're familiar with some testing procedure that'll
eliminate the possiblity of other approaches? If so, I'd certainly be
interested in knowing what it is. 'cause being able to test A to
confirm whether or not B and C work, without even knowing what B and C
are, would be convenient.

 
Reply With Quote
 
Randy Webb
Guest
Posts: n/a
 
      06-13-2006
yawnmoth said the following on 6/12/2006 2:40 PM:
> Randy Webb wrote:
>> yawnmoth said the following on 6/12/2006 3:18 AM:
>>> If running off of the local filesystem, in Firefox, or if the security
>>> settings are set appropriately, in Internet Exporer, XmlHttpRequests
>>> can be sent to any domain of your chosing. But what about cookies?

>> Probably not. Did you test it?
>>
>>> Can cookies be accessed for any domain of your chosing?

>> Probably not. Did you test it?
>>
>>> For example, although www.domaina.tld can't access cookies for
>>> www.domainb.tld, can c:\ access cookies for www.domainb.tld?

>> Probably not. Did you test it?
>>
>>> The way cookies are accessed in javascript (document.cookies) would
>>> suggest not, but I just wanted to make sure. Thanks.

>> No, and testing it would have shown it.

> All testing would do is show that document.cookies doesn't work.


And that was your question wasn't it? Would c:\ be able to access
cookies from a domain and the answer is no.

> As far as I know (or knew, or whatever) there are other ways.


To get a cookie from a domain from c:\? No. You fall into the security
zone/issues.

> But who knows - maybe you're familiar with some testing procedure that'll
> eliminate the possiblity of other approaches? If so, I'd certainly be
> interested in knowing what it is. 'cause being able to test A to
> confirm whether or not B and C work, without even knowing what B and C
> are, would be convenient.


The only way to tell you how to test whether something "works" or not is
to know what you are trying to do. As for reading cookies, you can't
read them.

Is there some other issue or effect you are trying to create by trying
to read the cookies or just wanting to read the cookies?

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
 
Reply With Quote
 
pegasusflightresources@gmail.com
Guest
Posts: n/a
 
      06-13-2006
yawnmoth wrote:
> If running off of the local filesystem, in Firefox, or if the security
> settings are set appropriately, in Internet Exporer, XmlHttpRequests
> can be sent to any domain of your chosing. But what about cookies?
> Can cookies be accessed for any domain of your chosing?
>
> For example, although www.domaina.tld can't access cookies for
> www.domainb.tld, can c:\ access cookies for www.domainb.tld?
>
> The way cookies are accessed in javascript (document.cookies) would
> suggest not, but I just wanted to make sure. Thanks.


Dear sir,
If you speak of accessing cookies remotely, then no you cannot access a
cookie from another domain. If you are speaking of accessing the
cookies from the computer using local hard drives, then not exactly, as
you will be forced to figure out a way to unescape the cookie without
using JavaScript (JavaScript wouldn't work because you are trying to do
the process locally, and JavaScript would probably run into the same
domain access problem.) If you wish to access a cookie, the closest
you will get is to go to the folder C:\Documents and
Settings\*yourusername*\Cookies\ replacing the *yourusername*
with your user name. In this case, you will find yourself opening up
the cookies with Notepad, and they will remain unreadable because they
are still escaped. I don't know of any local unescaping freeware, but
you can search for it.

I have the honor to remain your most humble and Ob't Sv't in our war
against the King.

--
Patrick Reilly
1st Coy.
Colonel Seth Warner's Regiment

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments