Cookies fail when using URL Frame re-direct

Don Juan wrote:

I have a simple html document I have been using for some time on my
(i.e.) abc.com domain that uses cookies. I recently purchased a new
domain name and set up a service to redirect my new domain (i.e.)
xyz.com to a sub-directory of the abc.com domain. In other words, when
someone goes to URL xyz.com, they really end up in abc.com/xyz
directory but the MSIE browser says they are xyz.com.
Do not use frames for redirection. Use server settings, for example.
The problem is that cookies quit working in this setup when I copied
the same HTML document in the /xyz subdirectory that xyz.com now
accesses. I can't set or get a cookie any longer by calling the
document.cookie function from JS any longer. The call does not fail
but the data is always blank.
You cannot read or change cookies that are from a different second-level
domain. The Same Origin Policy does not care about that you own both
second-level domains; they are different to it, and access is denied.
I even tried setting the cookie and from the next line of code reading
it back immediately and it still would not save the cookie.
That is weird, though. You should be able to set, modify and read the
cookies for the site from the same site. Exactly how are you doing that?
I think it would be best if you posted the URL of your "old" domain.
Anyone know how to fix this?
Probably.
I checked the value of location.host, .hostname .pathname,
document.domain and they all indicate I am really at abc.com even
though the address in my IE browser says I am at xyz.com.

document.domain does not indicate anything. Instead, you have to _set_
document.domain in order to access documents or cookies from a different
domain, but the same second-level domain.
PointedEars

function createCookie(name,value,days)
{
if (days)
{
var date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000));
var expires = "; expires="+date.toGMTString();
}
else var expires = "";
document.cookie = name+"="+value+expires+"; path=/";
}

function readCookie(name)
{
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++)
{
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return
c.substring(nameEQ.length,c.length);
}
return null;
}
document.write('<br>location.href: ' + location.href)
document.write('<br>location.protocol: ' +
location.protocol)
document.write('<br>location.host: ' + location.host)
document.write('<br>location.hostname: ' +
location.hostname)
document.write('<br>location.pathname: ' +
location.pathname)
document.write('<br>document.domain: ' + document.domain)
document.write('<br>document.referrer ' +
document.referrer)
document.write('<br>read cookie test: ' +
readCookie("test"))
document.write('<br>set cookie test : ' +
createCookie("test","DVT",3))
document.write('<br>read cookie test: ' +
readCookie("test"))

Don Juan wrote:

[code]

Your code, although it is unnecessarily inefficient and badly formatted,
works fine here[1], provided that I remove the newline after the
`return'[2]. Either you have included the newline, thereby returning
`undefined', or you have accidentally blocked cookie access for your new
site.

It would have been nice (and appropriate) if you had referred to anything
[3]
PointedEars
___________
[1] Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2)
Gecko/Debian-1.5.dfsg+1.5.0.2-2 Firefox/1.5.0.2

[2] <URL:http://pointedears.de/scripts/test/dom/cookie-frameset>
(You will observe that the frameset does not matter.)

[3] <URL:http://jibbering.com/faq/faq_notes/pots1.html>
<URL:www.safalra.com/special/googlegroupsreply/>

OK first thanks for taking time out to help me. I "struggle" with java
script (as you can likely see). I was attempting to set a cookie, in
this example, "test" to a value of "DVT". When I click on URL[2]
above, I see that the cookie is not set:

read cookie test: null
set cookie test : undefined
read cookie test: null

Are you seeing the cookie being set to "DVT" and returning anything on
your browser?

***UPDATE*** !!!! I just tried your link using Firefox instead if IE 6
and I see it fine!

read cookie test: DVT
set cookie test : undefined
read cookie test: DVT2

I guess I have screwed up my IE browser settings somehow. Now just to
figure out what I did!!! I checked Tools, Internet Options, Privacy,
it was set to "Medium". Not sure what else I could have done?

OK first thanks for taking time out to help me. I "struggle" with java
script (as you can likely see). I was attempting to set a cookie, in
this example, "test" to a value of "DVT". When I click on URL[2]
above, I see that the cookie is not set:

read cookie test: null
set cookie test : undefined
read cookie test: null

Are you seeing the cookie being set to "DVT" and returning anything on
your browser?

***UPDATE*** !!!! I just tried your link using Firefox instead if IE 6
and I see it fine!

read cookie test: DVT
set cookie test : undefined
read cookie test: DVT2

I guess I have screwed up my IE browser settings somehow. Now just to
figure out what I did!!! I checked Tools, Internet Options, Privacy,
it was set to "Medium". Not sure what else I could have done?

On further test, I can put the same html file in the primary domain and
a copy in the URL Frame pass-to-directory domain, my IE 6 fails to see
the cookie when it is on the URL Frame and handles the cookie as
expected. My IE 6 also fails to set the cookie when I go to your
link:

<URL:http://pointedears.de/scripts/test/dom/cookie-frameset>

Using Firefox, I can see the cookie everywhere I put it, including your
example.

Don Juan wrote:

On further test, I can put the same html file in the primary domain and
a copy in the URL Frame pass-to-directory domain, my IE 6 fails to see
the cookie when it is on the URL Frame and handles the cookie as
expected.
As I said, the domain of the cookie must not be different to the domain
of the document resource that modifies or retrieves it. Since you did/do
not specify the domain, it was/is set automatically in the cookie when the
cookie is set or modified.

bar.example.com cannot retrieve a cookie set by foo.example.com, unless the
cookie was set with "domain=example.com". And a resource at example.net
cannot retrieve a cookie set by a resource at example.com (unless perhaps
the security level is set very low).
My IE 6 also fails to set the cookie when I go to your link:

<URL:http://pointedears.de/scripts/test/dom/cookie-frameset>

Using Firefox, I can see the cookie everywhere I put it, including your
example.

Why, you should really have a minimum clue about browsers before you start
coding for them:

,-<news:11**********************@g10g2000cwb.googleg roups.com>
|
| I guess I have screwed up my IE browser settings somehow. Now just to
| figure out what I did!!! I checked Tools, Internet Options, Privacy,
| it was set to "Medium". Not sure what else I could have done?

The "Medium" level in your IE Privacy settings simply prevent these
non-session cookies with unspecified `domain' label from being set (but
they can be read).

Change it to "Low"[1] and these cookies are set without you being asked.
Change it to "User-defined" by activating "Advanced" and "Disable Automatic
Cookie Handling" and you will be asked to set it (and can see the "Details"
of it) unless you set "Accept Always" or "Block Always". AIUI that is
because the other domain is regarded as "third-party provider", so if you
explicitly block those cookies via the "Advanced" dialog, they will never
be set as well.

Tested with IE6 SP1 on Win2k SP4 with .NET 1.1 support [Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)].
BTW, please do not amok-post like this next time:

<URL:http://jibbering.com/faq/faq_notes/pots1.html>
<URL:http://www.safalra.com/special/googlegroupsreply/>
HTH

PointedEars
___________
[1] UI labels are estimates, translated from German

Not sure what amok-post means, sorry about whatever i did ... I merely
copied text from one part of this post to the other. Not sure how to
work the controls here? It was just a reference to text above you had
aready entered. Sorry if I caused any problem.

Here is an update. I tried the following link from 4 different
systems. (http://pointedears.de/scripts/test/dom/cookie-frameset)

IE V5 on Windows 2000 - cookie WAS resolved
IE V6 on Windows 2000 - cookie NOT resolved
IE V6 on Windows XP (system A) - cookie NOT resolved
IE V6 on Windows XP (system B) - cookie NOT resolved

Firefox on all OS above - cookie WAS resolved

It is possible all the IE 6 systems I have are at the same fixpack
level. I am investigating that now to see if there is a fix I can
apply. I earlier thought this was isolated to my single main
development system but now I have proved it fails with 3 of my systems
that have IE 6 on them, regardless of the base OS. Firefox works with
any OS (of mine, 2K or XP, that is).

Don Juan wrote:

Not sure what amok-post means, sorry about whatever i did ...
I merely copied text from one part of this post to the other.
Pardon me?
Not sure how to work the controls here?
It would be best if you stopped using Google Groups for _posting_ at all.
(However, I am not sure if you are capable of using the controls of a
newsreader if you cannot even use Google Groups properly.)
It was just a reference to text above you had aready entered. Sorry
if I caused any problem.
As if posting a followup to a posting of yourself was not bad enough,
you did not quote anything of what you are referring to, although there
are enough pointers in the newsgroup and in the FAQ already that not only
tell otherwise but also tell how to do it right. And you did it wrong
_again_, although I provided those pointers in my very posting you have
replied to. Again :-(
Here is an update. I tried the following link from 4 different
systems. (http://pointedears.de/scripts/test/dom/cookie-frameset)

IE V5 on Windows 2000 - cookie WAS resolved
IE V6 on Windows 2000 - cookie NOT resolved
IE V6 on Windows XP (system A) - cookie NOT resolved
IE V6 on Windows XP (system B) - cookie NOT resolved
That is completely useless information because the browser is not the
problem! The browser privacy features and their settings are.
Firefox on all OS above - cookie WAS resolved

It is possible all the IE 6 systems I have are at the same fixpack
level. I am investigating that now to see if there is a fix I can
apply. I earlier thought this was isolated to my single main
development system but now I have proved it fails with 3 of my systems
that have IE 6 on them, regardless of the base OS. Firefox works with
any OS (of mine, 2K or XP, that is).

You have still not understood (have you even read my posting?). You have to
check the _privacy settings_ in each browser. Probably they are different
by default (maybe influenced by the security fixes), or the feature works
different. It is _not_ a script problem; setting/modifying cookies is not
restricted to scripting. So you are _off topic_ here.
Score adjusted

PointedEars
--
The German psychs, the German authorities, the German secret service agents
are [...] fanatics, they are insane and known of persecuting innocent people
and Scientologists. -- "The only real Barbara Schwarz", dsw.scientology,
<16**************************@posting.google.com >

Thanks, I'll keep all this in mind. I appreciate your guidance and
pointing out my ignorance and stupidity. I will strive to be a better
person in the future.

Well I am back, again responding to myself. While I agree I may not be
following the protocol that is expected by some, I believe on the
positive side that someone could possibly gain something from this
conversation so I changed my mind and decided to continue with it for
one more post. I have some information now that I can share with
others. Maybe like me they are new to java script, maybe they can learn
something from this or maybe not. I hope that anyone else reading
this can enjoy some benefit from it, even if my newbie understanding is
a warped understanding of how cookies work.

I have used cookies in the past as a way to remember what button
someone last pushed on a webpage, i.e. there are 5 buttons on a page
and clicking on one (through use of javascript) will cause the color
of the button pushed to darken and the text on the page to change to
the image associated with the last button pushed, next button the
button highlighting changes with different text, etc. The last button
pushed is saved in a cookie and the screen is refreshed, then the
cookie is read so that the screen knows what was the last button
pressed before it refreshed and the condition of the screen can be
saved and remembered during the session, or longer if a longer time is
specified when the cookie is set.

I have been using this rather elementary java code on my website for
years. I then found a need for a new domain and decided to try to save
some money by using the free URL Frame redirect feature from the
registrar where I purchased my second domain. The registrar has some
"magic method" of routing my secondary domain automatically to a
sub-directory of my primary domain. For most purposes this works
great, that is unless I try to use cookies.

You probably understand how cookies are used to resolve the
statelessness of the web or you wouldn't be reading this now. So
what is the problem you say? Apparently the "security level" that
microsoft has assigned to a cookie executing on a primary domain is
different to if that same code is running on a URL Frame'd domain. I
tested this on several systems and found this is what the problem is.

From a human engineering perspective, thinking that I could somehow

educate everyone that visits my website (secondary domain) to set their
privacy settings to a lower value would be impossible. So if one
agrees with this, I am at the mercy of MS and can say for all practical
purposes that if one expects most of their users to be using IE6 or
later and that most people visiting a site don't have a clue about
whether, how, if and why to change cookie authority, then the answer is
"one can't use cookies if the domain is a URL Frame redirect".

P.S. Firefox allows the cookie to be set regardless if the html file is
on the primary domain or URL Frame redirect domain.

P.P.S. Thanks to Pointed Ears for the information, you got me on the
right track and sorry for any misunderstanding that I may have caused
between us.

JRS: In article <11**********************@z34g2000cwc.googlegroups .com>
, dated Sun, 23 Apr 2006 08:32:40 remote, seen in
news:comp.lang.javascript, Don Juan <do*********@hotmail.com> posted :

date.setTime(date.getTime()+(days*24*60*60*1000));

Unnecessarily complex; and probably not giving the desired effect near
the last Sundays of March and October (assuming, from your name, that
you are Spanish); use

date.setDate(date.getDate()+days);

The effect of what you actually wrote can be more eloquently expressed
as

date.setUTCDate(date.getUTCDate()+days);

See below.

--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 MIME. ©
Web <URL:http://www.merlyn.demon.co.uk/> - w. FAQish topics, links, acronyms
PAS EXE etc : <URL:http://www.merlyn.demon.co.uk/programs/> - see 00index.htm
Dates - miscdate.htm moredate.htm js-dates.htm pas-time.htm critdate.htm etc.