
Cookies and frames

Hi, should cookies work when referring to an 'external' site in a
frame?

Here is the situation: http://mysite.com/page1.html contains a frame
to http://othersite.com/otherpage1.html. When I navigate in the frame
from otherpage1.html to http://othersite.com/otherpage2.html the server
returns a cookie for the browser to set. But it appears that the
cookie is not sent back to othersite.com when navigating from
otherpage2.html.

All of this happens in a frame within http://mysite.com/page1.html .

I have looked at the http headers and it appears that the only field
which is added compared to navigating othersite.com outside a frame
is the Referer header which points to mysite.com/page1.html.

Does the Referer header prevent the cookie from being sent back
to othersite.com ?

This is all using IE7.

Cheers

Dec 2 '06 #1
wrote on 02 dec 2006 in comp.lang.javascript:
> Hi, should cookies work when referring to an 'external' site in a
> frame?
>
> Here is the situation: http://mysite.com/page1.html contains a frame
> to http://othersite.com/otherpage1.html. When I navigate in the frame
> from otherpage1.html to http://othersite.com/otherpage2.html the server
> returns a cookie for the browser to set. But it appears that the
> cookie is not sent back to othersite.com when navigating from
> otherpage2.html.
>
> All of this happens in a frame within http://mysite.com/page1.html .

Cookies are never sent [by the browser in a header] to another domain.

It would be a severe security risk if it did.

It could give away your session-variable of a server or a password stored
for a site.

The [i]frame dependency should not have anything to do with it.

> I have looked at the http headers and it appears that the only field
> which is added compared to navigating othersite.com outside a frame
> is the Referer header which points to mysite.com/page1.html.
>
> Does the Referer header prevent the cookie from being sent back
> to othersite.com ?

No, the referrer header has nothing to do with it [except sometimes showing
the domain requested by the browser], because that is what is sent too.

> This is all using IE7.

All browsers have or should have this cookie security.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Dec 2 '06 #2
> Cookies are never sent [by the browser in a header] to another domain.

Evertjan,

Thanks, but just to make it clear, the cookie here is set by the same
domain it is meant to be sent back to, there is no "cross-domain
cookie" attempt. What I'm experiencing is that navigating within one
domain in a single frame simply does not work because the cookie is not
sent back to the very same domain that sent it.

Cheers

Dec 2 '06 #3
wrote on 02 dec 2006 in comp.lang.javascript:
>> Cookies are never sent [by the browser in a header] to another domain.
>
> Evertjan,
>
> Thanks, but just to make it clear, the cookie here is set by the same
> domain it is meant to be sent back to, there is no "cross-domain
> cookie" attempt. What I'm experiencing is that navigating within one
> domain in a single frame simply does not work because the cookie is not
> sent back to the very same domain that sent it.

Did you set the cookie domain property properly?

document.cookie = 'myCookie=' + cookieString + '; domain=myDomain.com;';

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Dec 2 '06 #4
>> Thanks, but just to make it clear, the cookie here is set by the same
>> domain it is meant to be sent back to, there is no "cross-domain
>> cookie" attempt. What I'm experiencing is that navigating within one
>> domain in a single frame simply does not work because the cookie is not
>> sent back to the very same domain that sent it.
>
> Did you set the cookie domain property properly?
>
> document.cookie = 'myCookie=' + cookieString + '; domain=myDomain.com;';

The thing is that I'm not even trying to set the cookie myself, the
domain sets it for me in the response, but it is not sent back to that
same domain when I navigate to another page. This happens when
navigation occurs in a frame whereas it works just fine if I'm
accessing the domain directly and not from a page of mine in a frame.

Rolf

Dec 2 '06 #5
wrote on 02 dec 2006 in comp.lang.javascript:
>>> Thanks, but just to make it clear, the cookie here is set by the
>>> same domain it is meant to be sent back to, there is no
>>> "cross-domain cookie" attempt. What I'm experiencing is that
>>> navigating within one domain in a single frame simply does not work
>>> because the cookie is not sent back to the very same domain that
>>> sent it.
>>
>> Did you set the cookie domain property properly?
>>
>> document.cookie = 'myCookie=' + cookieString + '; domain=myDomain.com;';
>
> The thing is that I'm not even trying to set the cookie myself, the
> domain sets it for me in the response,

You mean in serverside code? [see below]. The server should only do what
you instruct it to do!

> but it is not sent back to that
> same domain when I navigate to another page. This happens when
> navigation occurs in a frame whereas it works just fine if I'm
> accessing the domain directly and not from a page of mine in a frame.

Also a cookie set by serverside code could have a wrong subdomain or
whatever. [It is said that a domain could be shared by different servers,
and that would give a cookie issue]

You could start by debugging by setting up a test page with cookies you set
yourself. Using a serverside cookie setter makes this much easier, like in
ASP-JS: response.cookie() and request.cookie()

I never had this problem, but then I do not use [i]frames in that way.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Dec 2 '06 #6

Here is the real world case (on a test flickr account I created).

The URL in question is http://www.flickr.com/gp/56651581@N00/5oZhLf
When you navigate to it in a browser the server sets a cookie in the
response and asks the browser to redirect the page to another page.
This works fine.

However when you try to host the page in a frame exactly like this:

<HTML>
<FRAMESET>
<FRAME SCROLLING="auto"
SRC="http://www.flickr.com/gp/56651581@N00/5oZhLf">
</FRAMESET>
</HTML>

You end up on the flickr logon page, because apparently the cookie is
not sent back by the browser upon redirection.

Is there any issue with what I'm trying to achieve here ?

Dec 2 '06 #7
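
Added example, not part of any post in this thread: the cookie Domain checks raised in the replies (RFC 6265 domain matching, including the "wrong subdomain" case), combined with a simplified test of whether a framed page is in a third-party context relative to the top-level page. Function names are hypothetical, and comparing the last two host labels is an assumption that stands in for the browser's own registrable-domain logic.

```javascript
// Added example: helper names are hypothetical; hosts are those used in the thread.

// RFC 6265 domain-match: the host equals the cookie domain, or is a
// subdomain of it (suffix match on a label boundary, never for IP addresses).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

// Decide what the browser stores for a Set-Cookie seen on responseHost.
// No Domain attribute -> host-only cookie. A Domain the responding host
// does not belong to -> cookie rejected (returns null).
// Simplification: public-suffix rejection (e.g. Domain=com) is not modelled.
function storeCookie(responseHost, domainAttr) {
  if (!domainAttr) return { domain: responseHost.toLowerCase(), hostOnly: true };
  if (!domainMatches(responseHost, domainAttr)) return null;
  return { domain: domainAttr.toLowerCase().replace(/^\./, ''), hostOnly: false };
}

// Would a stored cookie be attached to a request for requestHost?
function wouldSend(cookie, requestHost) {
  if (!cookie) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain);
}

// Simplification: treat the last two labels as the "site". Browsers use
// their own registrable-domain logic (today the Public Suffix List).
function isThirdPartyFrame(topHost, frameHost) {
  const site = (h) => h.toLowerCase().split('.').slice(-2).join('.');
  return site(topHost) !== site(frameHost);
}

// Combine both checks for a navigation that happens inside a frame.
function diagnose(topHost, responseHost, domainAttr, nextHost) {
  const cookie = storeCookie(responseHost, domainAttr);
  return {
    stored: cookie !== null,
    domainAllowsSend: wouldSend(cookie, nextHost),
    thirdPartyContext: isThirdPartyFrame(topHost, responseHost),
  };
}
```

When `stored` and `domainAllowsSend` are both true but `thirdPartyContext` is also true, the Domain attribute is not what is withholding the cookie; what remains is the browser's third-party cookie policy for framed content.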
