Re: Cross-domain cookie updating ?

Stevo wrote:
Jerry Stuckle wrote:
Stevo wrote:
I'm guessing this is a laughably obvious answer to many here, but it's not to me (and I don't have a server or any knowledge of PHP to be able to try it). It's not strictly a PHP question, but something that PHP guys would know the answer to. I can't think of a more appropriate forum to try. I've heard the ASP and JSP guys aren't as friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML page makes a request to example.com to return a JavaScript file. The request for that file automatically (by the browser) has cookie information in the request header. If the file being returned has updated cookie information in the response header, then I imagine the cookies for example.com get updated (again automatically by the browser). This is how I imagine things are working based on what I've read. I've never been involved in server-side scripting, only client-side updating of cookies. But I believe updated cookies in the response header does cause cookie updating.

So my main question is, what if that scenario above is slightly different. What if the JS file it's requesting is actually to a different unrelated domain server (example2.com) that's going to return a JavaScript file with updated cookies in the response header. Will the browser correctly update the example2.com domain cookies ? Or will it think it's the example.com cookies that want to update (because JS files get included in the context of the page they're on, which is of course in the domain example.com).


You're right - it's not a PHP question. Try a javascript newsgroup.

It's certainly not a JavaScript question, there's no JavaScript being executed here. It's a server-side scripters' question. Something a PHP programmer would do. I'll ask on a JSP or ASP forum then.


There is no server side scripting involved in this. It is strictly between the server and the browser. It works the same way whether you're dealing with a .php file or a simple .html file.

I suggested a javascript newsgroup because even if you do fetch the file from another server, you're going to have other security issues when you execute the javascript.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================

.

Relevant Pages