|
|
Posted by Gordon Burditt on 04/16/06 19:43
>I have a feature that is hosted on a different domain from the primary one
>in a frame, and need to retain values in a cookie.
>
>example: A web page at one.com contains a frame which has a page hosted at
>two.com
>
>If I view the frameset from one.com in Firefox, all works well with the
>content from two.com. But if trying to view this using IE (with standard
>security settings), the cookie set by two.com is not accessible.
>
>Have been tinkering with the domain setting in the setcookie function to
>specify the domain: have tried one.com and two.com, but have not been able
>to get at the cookie value.
>
>How can I get this to work?
Hopefully you can't on any browser. Cookies from one domain aren't
supposed to be sent to another. For many, many, uses of cookies,
it's a BIG security hole (you're handing credentials to log into one
web site to another web site, which makes session hijacking easy).
Gordon L. Burditt
[Back to original message]
|