Posted by Bruno on 04/17/06 00:07
A little further investigation into the privacy settings - IE's default
setting (Medium) specifies that it:
- blocks third-party cookies that do not have a compact privacy policy
(what's this about?)
- blocks third-party cookies that use personally identifiable information
without implicit consent
So I guess it's one of these things that is blocking the cookie.
Not sure why my cookie would violate any of these restrictions: My cookie
is not using any personally identifiable information. The source page has a
list of links to be chosen among. When the user clicks a link, it chains to
a page which accesses a settings file on the server, saves relevant values
to a cookie for the remainder of the session, and chains to the final target
page which requires these values to operate.
"Gordon Burditt" <gordonb.mm6lu@burditt.org> wrote in message
news:124561l2co7lm87@corp.supernews.com...
>>Yes, but it does actually work on any browser I have seen aside from IE
>>(including Netscape, Firefox Win, Firefox Linux, Safari Mac).
>>
>>The page in the frame does have a domain associated with it, shouldn't the
>>cookie be available to that domain? (But not necessarily to the domain of
>>the hosting frame)
>
> A cookie set by domain A should never be sent to a server not in
> domain A.
>
>>>>I have a feature that is hosted on a different domain from the primary one
>>>>in a frame, and need to retain values in a cookie.
>>>>
>>>>example: A web page at one.com contains a frame which has a page hosted at
>>>>two.com
>>>>
>>>>If I view the frameset from one.com in Firefox, all works well with the
>>>>content from two.com. But if trying to view this using IE (with standard
>>>>security settings), the cookie set by two.com is not accessible.
>
> Ok, perhaps I misunderstood you. The cookie set by two.com is not
> accessible *ON WHICH SERVER*? I assumed you meant it wasn't
> accessible by pages on one.com. And it shouldn't be.
>
>>>>Have been tinkering with the domain setting in the setcookie function to
>>>>specify the domain: have tried one.com and two.com, but have not been able
>>>>to get at the cookie value.
>
> Get at the cookie value *ON WHICH SERVER*?
>
>>>>
>>>>How can I get this to work?
>>>
>>> Hopefully you can't on any browser. Cookies from one domain aren't
>>> supposed to be sent to another. For many, many, uses of cookies,
>>> it's a BIG security hole (you're handing credentials to log into one
>>> web site to another web site, which makes session hijacking easy).
>>>
>>> Gordon L. Burditt
>
> Gordon L. Burditt
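
Added example, not part of the original posts: a simplified JavaScript model of the two rules discussed in this thread, the cookie domain-matching rule (as specified in RFC 6265) and the IE "Medium" third-party rule as quoted above. The `CookieJar` class, its option names and the cookie name `settings` are hypothetical; `one.com` and `two.com` are the hosts from the thread.

```javascript
// Simplified model (constructed for illustration): no paths, expiry, Secure flag,
// public-suffix list or IP-address handling.

// RFC 6265 domain matching: identical, or host is a subdomain of cookieDomain.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

class CookieJar {
  // blockThirdPartyWithoutPolicy models the IE "Medium" rule quoted in the post.
  constructor({ blockThirdPartyWithoutPolicy = false } = {}) {
    this.blockThirdPartyWithoutPolicy = blockThirdPartyWithoutPolicy;
    this.cookies = [];
  }

  // topLevelHost: host of the frameset; responseHost: host that sent Set-Cookie;
  // domainAttr: the Domain attribute (setcookie()'s domain argument), may be null.
  // Returns "stored" or the reason the cookie was dropped.
  store({ topLevelHost, responseHost, name, value, domainAttr = null, hasCompactPolicy = false }) {
    const domain = (domainAttr || responseHost).toLowerCase().replace(/^\./, "");
    // A server may only name its own host or a parent domain of it.
    if (!domainMatch(responseHost, domain)) return "rejected: foreign Domain attribute";
    const thirdParty = !domainMatch(responseHost, topLevelHost) && !domainMatch(topLevelHost, responseHost);
    if (thirdParty && this.blockThirdPartyWithoutPolicy && !hasCompactPolicy) {
      return "blocked: third-party cookie without compact policy";
    }
    this.cookies.push({ name, value, domain, hostOnly: domainAttr === null });
    return "stored";
  }

  // Cookies sent with a request to requestHost; the framing page's host plays no part.
  cookiesFor(requestHost) {
    const h = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
      .map(c => `${c.name}=${c.value}`);
  }
}

// The thread's layout: a frameset on one.com with a frame served by two.com.
function scenario(jarOptions, domainAttr) {
  const jar = new CookieJar(jarOptions);
  const outcome = jar.store({ topLevelHost: "one.com", responseHost: "two.com",
                              name: "settings", value: "abc", domainAttr });
  return { outcome, toTwo: jar.cookiesFor("two.com"), toOne: jar.cookiesFor("one.com") };
}
```

In this model, changing the domain argument never makes the cookie reach `one.com`: naming `one.com` gets the cookie discarded, and naming `two.com` leaves it subject to the third-party rule.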