Posted by Bruno on 04/16/06 20:23

Yes, but it does actually work on any browser I have seen aside from IE
(including Netscape, Firefox Win, Firefox Linux, Safari Mac).

The page in the frame does have a domain associated with it, shouldn't the
cookie be available to that domain? (But not necessarily to the domain of
the hosting frame)



"Gordon Burditt" <gordonb.ag0mk@burditt.org> wrote in message
news:1244t1u3ue2pl1c@corp.supernews.com...
> >I have a feature that is hosted on a different domain from the primary
> >one
>>in a frame, and need to retain values in a cookie.
>>
>>example: A web page at one.com contains a frame which has a page hosted at
>>two.com
>>
>>If I view the frameset from one.com in Firefox, all works well with the
>>content from two.com. But if trying to view this using IE (with standard
>>security settings), the cookie set by two.com is not accessible.
>>
>>Have been tinkering with the domain setting in the setcookie function to
>>specify the domain: have tried one.com and two.com, but have not been able
>>to get at the cookie value.
>>
>>How can I get this to work?
>
> Hopefully you can't on any browser. Cookies from one domain aren't
> supposed to be sent to another. For many, many, uses of cookies,
> it's a BIG security hole (you're handing credentials to log into one
> web site to another web site, which makes session hijacking easy).
>
> Gordon L. Burditt

[Back to original message]