|
|
Posted by Gordon Burditt on 04/16/06 22:17
>Yes, but it does actually work on any browser I have seen aside from IE
>(including Netscape, Firefox Win, Firefox Linux, Safari Mac).
>
>The page in the frame does have a domain associated with it, shouldn't the
>cookie be available to that domain? (But not necessarily to the domain of
>the hosting frame)
A cookie set by domain A should never be sent to a server not in
domain A.
>> >I have a feature that is hosted on a different domain from the primary
>> >one
>>>in a frame, and need to retain values in a cookie.
>>>
>>>example: A web page at one.com contains a frame which has a page hosted at
>>>two.com
>>>
>>>If I view the frameset from one.com in Firefox, all works well with the
>>>content from two.com. But if trying to view this using IE (with standard
>>>security settings), the cookie set by two.com is not accessible.
Ok, perhaps I misunderstood you. The cookie set by two.com is not
accessible *ON WHICH SERVER*? I assumed you meant it wasn't
accessible by pages on one.com. And it shouldn't be.
>>>Have been tinkering with the domain setting in the setcookie function to
>>>specify the domain: have tried one.com and two.com, but have not been able
>>>to get at the cookie value.
Get at the cookie value *ON WHICH SERVER*?
>>>
>>>How can I get this to work?
>>
>> Hopefully you can't on any browser. Cookies from one domain aren't
>> supposed to be sent to another. For many, many, uses of cookies,
>> it's a BIG security hole (you're handing credentials to log into one
>> web site to another web site, which makes session hijacking easy).
>>
>> Gordon L. Burditt
Gordon L. Burditt
Navigation:
[Reply to this message]
|