Re: Cross-domain cookie updating ?
- From: Jerry Stuckle <jstucklex@xxxxxxxxxxxxx>
- Date: Sat, 09 Aug 2008 14:30:21 -0400
Stevo wrote:
Jerry Stuckle wrote:Stevo wrote:Jerry Stuckle wrote:Stevo wrote:I'm guessing this is a laughably obvious answer to many here, but it's not to me (and I don't have a server or any knowledge of PHP to be able to try it). It's not strictly a PHP question, but something that PHP guys would know the answer to. I can't think of a more appropriate forum to try. I've heard the ASP and JSP guys aren't as friendly ;-)
Let's say we have a HTML page from domain example.com, and that HTML page makes a request to example.com to return a JavaScript file. The request for that file automatically (by the browser) has cookie information in the request header. If the file being returned has updated cookie information in the response header, then I imagine the cookies for example.com get updated (again automatically by the browser). This is how I imagine things are working based on what I've read. I've never been involved in server-side scripting, only client-side updating of cookies. But I believe updated cookies in the response header does cause cookie updating.
So my main question is, what if that scenario above is slightly different. What if the JS file it's requesting is actually to a different unrelated domain server (example2.com) that's going to return a JavaScript file with updated cookies in the response header. Will the browser correctly update the example2.com domain cookies ? Or will it think it's the example.com cookies that want to update (because JS files get included in the context of the page they're on, which is of course in the domain example.com).
You're right - it's not a PHP question. Try a javascript newsgroup.
It's certainly not a JavaScript question, there's no JavaScript being executed here. It's a server-side scripters' question. Something a PHP programmer would do. I'll ask on a JSP or ASP forum then.
There is no server side scripting involved in this. It is strictly between the server and the browser. It works the same way whether you're dealing with a .php file or a simple .html file.
I know. That's why I said right up front it's not a scripting question, but it IS the type of question that a server-side scripter is more likely to be familiar with. After all, you s-s- scripter guys do make calls to addCookie (which adds a Set-Cookie to the response header), and that tells the browser to set the cookie value.
I suggested a javascript newsgroup because even if you do fetch the file from another server, you're going to have other security issues when you execute the javascript.
You've latched onto this idea of JavaScript being executed again. Would it help if it's an image I'm requesting? The question is the same ... "if I request an image from another domain and the response has a Set-Cookie in it, will it set the cookie in that other domain?".
You talked about requesting a js file - which is entirely different than requesting an image file.
But in either case, scripting has NOTHING to do with your request. It can all be done from straight HTML documents.
If you want to know more generic things like that, alt.html is the place to be.
But it is completely off-topic in this newsgroup.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.
- Follow-Ups:
- Re: Cross-domain cookie updating ?
- From: Stevo
- Re: Cross-domain cookie updating ?
- References:
- Cross-domain cookie updating ?
- From: Stevo
- Re: Cross-domain cookie updating ?
- From: Jerry Stuckle
- Re: Cross-domain cookie updating ?
- From: Stevo
- Re: Cross-domain cookie updating ?
- From: Jerry Stuckle
- Re: Cross-domain cookie updating ?
- From: Stevo
- Cross-domain cookie updating ?
- Prev by Date: Re: Cross-domain cookie updating ?
- Next by Date: Re: How can a php ng ban HTML tags posts?
- Previous by thread: Re: Cross-domain cookie updating ?
- Next by thread: Re: Cross-domain cookie updating ?
- Index(es):
Relevant Pages
|
