Reply to Re: [PHP] Setting cookies for other domains

Your name:

Reply:


Posted by Scott Haneda on 03/18/05 10:26

on 3/17/05 6:32 PM, Brian Dunning at brian@briandunning.com wrote:

>> I suspect it's
>> for sub-domains of sites you administer and not completely different
>> domains altogether.
>
> If this is true, and it's not possible for a site to set a cookie for a
> completely different domain, then why do browsers have security options
> to allow or prevent this specific action? I'm thinking it must be
> possible, and that there's a reason for the domain option in
> setcookie() other than subdomains. Would just love to know how to make
> it work...

The domain option exists in scripting implementations solely for the purpose
of sub domains. It is not there to imply you can use it for more than one
domain, but to allow you to secure your sub domains. If you set a cookie
for .example.com then test.example.com and *.example.com etc will be able to
read it. This is not always what you want, in some cases, you may have
intranet.example.com and www.example.com and you would not want to set the
domain parameter to .example.com as that would allow one to read your
intranet cookies.

You will simply never make it work, it is designed to never allow this.
There has been one security issue I can think of to date that allowed it,
but it was patched promptly.

The day someone figured out how to set a cookie for amazon.com and read it
while under some other domain is the day all the news sites will be covering
that topic.

Cross domain cookies are indeed possible, look at microsoft.com, msn.com and
msnbc.com which indeed do share your cookies from one site to the next,
however, they do it by redirects and get/post methods, which is perfectly
legit since they control those domains. No one outside someone with access
to those servers could implement it.

You are misinterpreting the prefs in browsers, they can not do what you ask.
--
-------------------------------------------------------------
Scott Haneda Tel: 415.898.2602
<http://www.newgeo.com> Novato, CA U.S.A.

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация