Chung Leong wrote:
Well, maybe you can get away with not using cookie if the other site has
session.use_trans_sid turned out. In that case you can pass PHPSESSID
through the URL. And if the other site has register_globals turned on, you
might be able to log in by passing the username and password through the
URL.
Uzytkownik "Krzysztof Kujawski" <kr****************@zhp.pl> napisal w
wiadomosci news:bt**********@atlantis.news.tpi.pl...
tweek this code to accept your cookies, or to send them:
http://www-2.gzentools.com/snippetvi...etresource.php
I don't want to send a cookie, I want that connection via socket to use
cookies from that domain where I'm connecting.
Krzysztof Kujawski
Maybe I'm missing something here, but it seems to me that the way to
make this work is to append your variables (whatever values are in the
cookies) to the png generator on the second domain. So, the request for
image.php would look like:
<img src='http://domainB/image.php?var1=1&var2=1&so_on_and_on=etc'>
Cookies from domainA aren't sent to domainB, and frankly, that's a GOOD
thing. For instance, if you're logging in to Alice's site, and ask it
to "remember" your info. your info would/could be saved in a cookie
(sessions would be better, but we're talking about cookies). If cookies
set on domainA (Alice's site) could be read by domainB (Malice's site),
then you'd essentially be giving your UID/PWs away to domainB, or really
any site you visit. That would be a pretty big security problem.
I think what you're missing is that the request for the image isn't
being sent from the client's web browser... it's being sent from the
domainB server, which doesn't, and shouldn't have access the cookies
domainA set on the client.
The client won't give domainA's cookies to domainB, so when domainB asks
for domainA's image, no cookies are sent along... and it's *supposed*
to work that way.
Hopefully that's a little clearer than mud. ;)
Regards,
- Dan
http://www.dantripp.com/ 
