Posted by Gordon Burditt on 04/16/06 23:39

>Well, I'm not so sure that it's a nasty thing if a frame from a domain has
>access to it's own cookies.

It was unclear from your question that this was the situation.

>As far as I can see, the contents of the frame belong either to it's own
>domain, or the host frame's (which is it?).

The domain of the cookie is the domain of the URL the browser was
fetching when it received the cookie. This does not necessarily
have anything to do with frames: the cookie could have come from
an image fetched from a server unrelated to any frame (banner ad,
for example).

>Setting the cookie as belonging
>to one of these two domains should allow me to save values for subsequent
>pages.

(1) What was the domain in the URL that caused the cookie to be
sent to the browser? (might or might not be a frame URL)
(2) What was the domain in the arguments to setcookie()?
(3) What was the domain of the URL that you think should be delivering
the cookie to the server for that URL, but isn't?

IE might be dropping the cookie if (1) and (2) are unrelated domains.
A cookie set by (1) should never be transmitted to (3) if the domains
are unrelated (regardless of what you set in (2)).

Gordon L. Burditt

[Back to original message]