Hi, should cookies work when referring to an 'external' site in a
frame?
Here is the situation: http://mysite.com/page1.html contains a frame
to http://othersite.com/otherpage1.html. When I navigate in the frame
from otherpage1.html to http://othersite.com/otherpage2.html the server
returns a cookie for the browser to set. But it appears that the
cookie is not sent back to othersite.com when navigating from
otherpage2.html .
All of this happens in a frame within http://mysite.com/page1.html .
I have looked at the http headers and it appears that the only field
which is added compared to navigating othersite.com outside a frame
is the Referer header which points to mysite.com/page1.html.
Does the Referer header prevent the cookie from being sent back
to othersite.com ?
This is all using IE7.
Cheers 6 8032
wrote on 02 dec 2006 in comp.lang.javas cript:
Hi, should cookies work when referring to an 'external' site in a
frame?
Here is the situation: http://mysite.com/page1.html contains a frame
to http://othersite.com/otherpage1.html. When I navigate in the frame
from otherpage1.html to http://othersite.com/otherpage2.html the server
returns a cookie for the browser to set. But it appears that the
cookie is not sent back to othersite.com when navigating from
otherpage2.html .
All of this happens in a frame within http://mysite.com/page1.html .
Cookies are never sent [by the browser in a header] to another domain.
It would be a severe security risk if it did.
It could give away your session-variable of a server or a password stored
for a site.
The [i]frame dependency should not have anything to do with it.
I have looked at the http headers and it appears that the only field
which is added compared to navigating othersite.com outside a frame
is the Referer header which points to mysite.com/page1.html.
Does the Referer header prevent the cookie from being sent back
to othersite.com ?
No, the referrer header has nothing to do with it [exept sometimes showing
the domain requested by the browser], because that is what is sent too.
This is all using IE7.
All browser have or should have this cookie security.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Cookies are never sent [by the browser in a header] to another domain.
Evertjan,
Thanks, but just to make it clear, the cookie here is set by the same
domain it is meant to be sent back to, there is no "cross-domain
cookie" attempt. What I'm experiencing is that navigating within one
domain in a single frame simply does not work because the cookie is not
sent back to the very same domain that sent it.
Cheers
wrote on 02 dec 2006 in comp.lang.javas cript:
>
>Cookies are never sent [by the browser in a header] to another domain.
Evertjan,
Thanks, but just to make it clear, the cookie here is set by the same
domain it is meant to be sent back to, there is no "cross-domain
cookie" attempt. What I'm experiencing is that navigating within one
domain in a single frame simply does not work because the cookie is not
sent back to the very same domain that sent it.
Did you set the cookie domain property properly?
document.cookie = 'myCookie=' + cookieString + '; domain=myDomain .com;';
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Thanks, but just to make it clear, the cookie here is set by the same
domain it is meant to be sent back to, there is no "cross-domain
cookie" attempt. What I'm experiencing is that navigating within one
domain in a single frame simply does not work because the cookie is not
sent back to the very same domain that sent it.
Did you set the cookie domain property properly?
document.cookie = 'myCookie=' + cookieString + '; domain=myDomain .com;';
The thing is that I'm not even trying to set the cookie myself, the
domain sets it for me in the response, but it is not sent back to that
same domain when I navigate to another page. This happens when
navigation occurs in a frame whereas it works just fine if I'm
accessing the domain directly and not from a page of mine in a frame.
Rolf
wrote on 02 dec 2006 in comp.lang.javas cript:
>
Thanks, but just to make it clear, the cookie here is set by the
same domain it is meant to be sent back to, there is no
"cross-domain cookie" attempt. What I'm experiencing is that
navigating within one domain in a single frame simply does not work
because the cookie is not sent back to the very same domain that
sent it.
Did you set the cookie domain property properly?
document.cooki e = 'myCookie=' + cookieString + '; domain=myDomai n.com;';
The thing is that I'm not even trying to set the cookie myself, the
domain sets it for me in the response,
You mean in serverside code? [see below]. The server should only do what
you instruct it to do!
but it is not sent back to that
same domain when I navigate to another page. This happens when
navigation occurs in a frame whereas it works just fine if I'm
accessing the domain directly and not from a page of mine in a frame.
Also a cookie set by serverside code could have a wrong subdomain or
whatever. [It is said that a domain could be shared by different servers,
and that would give a cookie issue]
You could start by debugging by setting up a test page with cookies you set
yourself. Using a serverside cookie setter makes this much easier, like in
ASP-JS: response.cookie () and request.cookie( )
I never had this problem, bu then I do not use [i]frames in that way.
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Here is the real world case (on a test flickr account I created).
The URL in question is http://www.flickr.com/gp/56651581@N00/5oZhLf
When you navigate to it in a browser the server sets a cookie in the
response and asks the browser to redirect the page to another page.
This works fine.
However when you try to host the page in a frame exactly like this:
<HTML>
<FRAMESET>
<FRAME SCROLLING="auto "
SRC="http://www.flickr.com/gp/56651581@N00/5oZhLf">
</FRAMESET>
</HTML>
You end up on the flickr logon page, because apparently the cookie is
not sent back by the browser upon redirection.
Is there any issue with what I'm trying to achieve here ? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Dan Meehan |
last post by:
I created a music website that allows people to sign up and post
messages on some message boards and update their profiles and such.
The login script uses cookies, so when they Log Into the site it does
something like:
Response.cookies("ID") = RS.fields("UserID").value
Response.cookies("USERNAME") = RS.fields("Username").value
Response.cookies("LEVEL") = RS.fields("ULevel").value
and from there, I have a header include that will...
|
by: martingerber |
last post by:
Hi,
I have the following script (javascript in html document):
<html>
<head>
<meta http-equiv="content-type"
content="text/html;charset=ISO-8859-1">
<title>Standort Speichern</title>
|
by: Bert |
last post by:
I have been reading the post and the FAQ and have been unable to find
anything that will help with my problem.
First let me say that I am not a web developer, designer and no next to
nothing about javascript. I am just rebuilding my site and need help. We run
a bamboo nursery and the site has listings of over 100 varieties we sell.
The site uses regular pages and framesets for the discriptions of the
bamboo. The framesets have a top...
|
by: Eric Petzold |
last post by:
What's the trick to sharing cookies between frames? I can set and read a
cookie in the same frame, but if I try to read the cookie in another frame
it is undefined. :o(
There are some other cookies that are available in all frames, so I know
that the frames are capable of reading cookies, just not the ones that I set
in the other frame.
P.S. I am not setting any expiration, path, or domain... keeping the
defaults.
|
by: Ed Douglas |
last post by:
Hiyas,
I've been banging my head against a brick wall for the last few days
trying to work out why some of my code doesnt work.
I have an ASP/ASP.NET application (website) that is the was previously
simply an ASP site. The first thing we have done is moved an old C++
COM object that managed the applications security into a more OO
structure and also into the .NET environment - its now a number of C#
classes in a Service layer of the...
| |
by: Don Juan |
last post by:
I have a simple html document I have been using for some time on my
(i.e.) abc.com domain that uses cookies. I recently purchased a new
domain name and set up a service to redirect my new domain (i.e.)
xyz.com to a sub-directory of the abc.com domain. In other words, when
someone goes to URL xyz.com, they really end up in abc.com/xyz
directory but the MSIE browser says they are xyz.com.
The problem is that cookies quit working in this...
|
by: R. Vince |
last post by:
I have a page, which writes a cookie, creating two frames. I have verified
via Fireplug that the cookie is being written. In one of the frames, an
attempt then is made to read the cookie. Therein, I have code to see if the
cookie is set -- and it keeps telling me it is not set (despite my being
able to see it there, and it;s contents, and it is correct). Can someone
please tell me why, in this code, my frame connot read this cookie? Thanks....
|
by: parkpost |
last post by:
Hi - I'm making a comparison site with frame and have encountered a problem. Pages come up in a lower frame that I want to interact with, but I keep getting a message from them saying "enable cookies on your browser to continue." Cookies are enabled on my browser so I am assuming that frames are preventing the cookies from working. I need a script that will instruct my framing page to receive the cookies of my framed page, so that we can...
|
by: Sanjib Biswas |
last post by:
Hi,
I have an ASP.Net application that runs in the localhost (site-A).
With-in the .cs file I am accessing another site (site-B) that returns me
cookies. I am also able to do a Post on that site and its working. But when
I set the returned cookies from site-B in the response header, the cookies
are not visible in site-A. How do I get around to this problem?
|
by: swetha123 |
last post by:
hello,
I don't know how to use cookies
please help me in this
I am using the dream weaver cs4
I designed the navigation bar to my page using dream weaver cs4
navigation bar contains Home, Retail Contact Us
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |