Writing cookie fails with two servers!

Hi:
I have a problem with writing a cookie from JavaScript.
My problem is that I have two servers,
one is A, and the other is B.
(1) I call aaa.html from A.
In aaa.html :
...
<iframe id="frame1" src='http://B/bbb.html'></iframe>
...
(2) In bbb.html :
document.cookie="key=123";
alert(document.cookie);

I fail to write key=123 to the cookie.
Is this because of the different IP?
Is there any other way to write the cookie?
Any suggestion will be very much appreciated.

Thanks a lot!

marshalli
Jul 23 '05 #1
Hi

Cookies are stored per domain.
So your cookie is there, but not readable for the other server.

That is how it should be.
If all domains could read all cookies, it is very easy to get your hands on
information that is none of your business, and 'steal' sessions.
For example:

page 1: My site where I sell great universal translators (fish).
page 2: Your session to your bank, where you modify your savings.

I could get your sessionid from page 1, pretend I am you, and transfer some
amount to my account. If you are lucky I send you a Babelfish back.
Anyway: it is very unsafe if cookies are shared between domains.

(Actually, early versions of Netscape allowed it. That was changed when
people realized it was very unsafe.)

This is a bad example because most banks use better security than a session
stored in a cookie, at least the bank I use.

So I think you cannot use cookies.
You can of course send information to another domain by posting it, or using
url-encoding in the get-string:
http://www.myfish.com/index.php?name...lyname=Prefect

But that is of course something else than a cookie, and is also a bad way to
start a session (because you have 2 sessions, one on each domain).

Hope that helps.

Regards,
Erwin Moller

Jul 23 '05 #2
Hi:
Thank you for your help.
The problem is that my web page will read/write a cookie for myself.
Another server will include my web page.

That means A will include B
and B will read/write B's cookie.
B doesn't want to read/write A's cookie.
I think it shouldn't have a security problem.
Am I wrong? Or is there anything I didn't think about?

Thanks a lot.

marshalli


Jul 23 '05 #3
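
Added example, not part of any post in this thread: a toy cookie jar in JavaScript modelling the setup discussed above, where bbb.html from B runs in an iframe inside aaa.html from A. It shows cookies being stored per host, and, as an assumption beyond what the thread states, an optional browser policy that refuses cookies for a frame whose host differs from the top-level page. The hosts a.example and b.example, the CookieJar class and the blockThirdParty flag are hypothetical; exact-host matching is a simplification of real browser rules.

```javascript
// Toy model only: real browsers also handle Domain/Path attributes and
// compare registrable domains rather than exact host names.
class CookieJar {
  constructor({ blockThirdParty = false } = {}) {
    this.blockThirdParty = blockThirdParty; // assumed policy switch
    this.store = new Map();                 // host -> Map(name -> value)
  }

  // frameHost: host of the document running the script (bbb.html on B).
  // topHost:   host of the top-level page in the address bar (A).
  set(frameHost, topHost, cookieString) {
    const thirdParty = frameHost !== topHost;
    if (thirdParty && this.blockThirdParty) return false; // write refused
    const pair = cookieString.split(";")[0];
    const eq = pair.indexOf("=");
    if (eq < 1) return false;                             // no cookie name
    const name = pair.slice(0, eq).trim();
    const value = pair.slice(eq + 1).trim();
    if (!this.store.has(frameHost)) this.store.set(frameHost, new Map());
    this.store.get(frameHost).set(name, value);
    return true;
  }

  // What document.cookie would return for a document on frameHost.
  get(frameHost, topHost) {
    if (frameHost !== topHost && this.blockThirdParty) return "";
    const cookies = this.store.get(frameHost) || new Map();
    return [...cookies].map(([n, v]) => `${n}=${v}`).join("; ");
  }
}

function demo() {
  const A = "a.example", B = "b.example";   // constructed host names
  const permissive = new CookieJar();
  const strict = new CookieJar({ blockThirdParty: true });
  return {
    wrote: permissive.set(B, A, "key=123"), // bbb.html inside aaa.html
    seenByB: permissive.get(B, A),          // B reads its own cookie
    seenByA: permissive.get(A, A),          // A's pages never see B's cookie
    blockedWrite: strict.set(B, A, "key=123"),    // embedded frame refused
    firstPartyWrite: strict.set(B, B, "key=123"), // bbb.html opened directly
  };
}

console.log(demo());
```

Loading bbb.html directly from B and from inside A's iframe, then comparing what `alert(document.cookie)` shows, distinguishes a script problem from a browser cookie policy.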
