marshalli wrote:
Hi:
I have a problem with writing cookie from Jacascript.
My problem is that I have two server,
one is A, and the other is B.
(1) I call a aaa.html from A.
In aaa.html :
...
<iframe id="frame1" src='http://B/bbb.html'></iframe>
...
(2) In bbb.html :
document.cookie="key=123";
alert(document.cookie);
I fail to write key=123 to cookie.
Is this because of different ip?
Is there any other way to write cookie?
Any suggestion will be very appreciate.
Thanks a lot!
marshalli
Hi
Cookies are stored per domain.
So your cookie is there, but not readable for the other server.
That is how it should be.
If all domains could read all cookies, it is very easy to get your hands on
information that is none of your business, and 'steal' sessions.
For example:
page 1: My site where I sell great universal translators (fish).
page 2: Your session to your bank, where you modify your savings.
I could get your sessionid from a page1, pretend I am you, and transfer some
ammount to my account. If you are lucky I send you a Babelfish back.
Anyway: it is very unsafe if cookies are shared between domains.
(Actually, early version of Netscape allowed it. That was changed when
people realized it was very unsafe.)
This is a bad example because most banks use better security than a session
stored in a cookie, at least the bank I use.
So I think you cannot use cookies.
You can of course send information to another domain by posting it, or using
url-encoding in the get-string:
http://www.myfish.com/index.php?name...lyname=Prefect
But that is of course something else than a cookie, and is also a bad way to
start a session (because you have 2 sessions, one on both domains)
Hope that helps.
Regards,
Erwin Moller
