By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,899 Members | 1,066 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,899 IT Pros & Developers. It's quick & easy.

Cross-domain cookie updating ?

P: n/a
I'm guessing this is a laughably obvious answer to many here, but it's
not to me (and I don't have a server or any knowledge of PHP to be able
to try it). It's not strictly a PHP question, but something that PHP
guys would know the answer to. I can't think of a more appropriate forum
to try. I've heard the ASP and JSP guys aren't as friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML
page makes a request to example.com to return a JavaScript file. The
request for that file automatically (by the browser) has cookie
information in the request header. If the file being returned has
updated cookie information in the response header, then I imagine the
cookies for example.com get updated (again automatically by the
browser). This is how I imagine things are working based on what I've
read. I've never been involved in server-side scripting, only
client-side updating of cookies. But I believe updated cookies in the
response header does cause cookie updating.

So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a
different unrelated domain server (example2.com) that's going to return
a JavaScript file with updated cookies in the response header. Will the
browser correctly update the example2.com domain cookies ? Or will it
think it's the example.com cookies that want to update (because JS files
get included in the context of the page they're on, which is of course
in the domain example.com).
Aug 8 '08 #1
Share this Question
Share on Google+
16 Replies


P: n/a
Stevo wrote:
I'm guessing this is a laughably obvious answer to many here, but it's
not to me (and I don't have a server or any knowledge of PHP to be able
to try it). It's not strictly a PHP question, but something that PHP
guys would know the answer to. I can't think of a more appropriate forum
to try. I've heard the ASP and JSP guys aren't as friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML
page makes a request to example.com to return a JavaScript file. The
request for that file automatically (by the browser) has cookie
information in the request header. If the file being returned has
updated cookie information in the response header, then I imagine the
cookies for example.com get updated (again automatically by the
browser). This is how I imagine things are working based on what I've
read. I've never been involved in server-side scripting, only
client-side updating of cookies. But I believe updated cookies in the
response header does cause cookie updating.

So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a
different unrelated domain server (example2.com) that's going to return
a JavaScript file with updated cookies in the response header. Will the
browser correctly update the example2.com domain cookies ? Or will it
think it's the example.com cookies that want to update (because JS files
get included in the context of the page they're on, which is of course
in the domain example.com).
You're right - it's not a PHP question. Try a javascript newsgroup.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #2

P: n/a
Jerry Stuckle wrote:
Stevo wrote:
>I'm guessing this is a laughably obvious answer to many here, but it's
not to me (and I don't have a server or any knowledge of PHP to be
able to try it). It's not strictly a PHP question, but something that
PHP guys would know the answer to. I can't think of a more appropriate
forum to try. I've heard the ASP and JSP guys aren't as friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML
page makes a request to example.com to return a JavaScript file. The
request for that file automatically (by the browser) has cookie
information in the request header. If the file being returned has
updated cookie information in the response header, then I imagine the
cookies for example.com get updated (again automatically by the
browser). This is how I imagine things are working based on what I've
read. I've never been involved in server-side scripting, only
client-side updating of cookies. But I believe updated cookies in the
response header does cause cookie updating.

So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a
different unrelated domain server (example2.com) that's going to
return a JavaScript file with updated cookies in the response header.
Will the browser correctly update the example2.com domain cookies ? Or
will it think it's the example.com cookies that want to update
(because JS files get included in the context of the page they're on,
which is of course in the domain example.com).

You're right - it's not a PHP question. Try a javascript newsgroup.
It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a PHP
programmer would do. I'll ask on a JSP or ASP forum then.
Aug 9 '08 #3

P: n/a
Stevo wrote:
Jerry Stuckle wrote:
>You're right - it's not a PHP question. Try a javascript newsgroup.

It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a PHP
programmer would do. I'll ask on a JSP or ASP forum then.
The above response is a normal Stuckle repsonse.

It should be interpreted as "I dont know the answer: My ego won't let me
consider hat I don't know everything about PHP: Ergo it cannot be about PHP"

Sadly, I don't know the answer either.
Aug 9 '08 #4

P: n/a
Jerry Stuckle <js*******@attglobal.netwrites:
Stevo wrote:
>I'm guessing this is a laughably obvious answer to many here, but it's not to
me (and I don't have a server or any knowledge of PHP to be able to try
it). It's not strictly a PHP question, but something that PHP guys would know
the answer to. I can't think of a more appropriate forum to try. I've heard
the ASP and JSP guys aren't as friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML page
makes a request to example.com to return a JavaScript file. The request for
that file automatically (by the browser) has cookie information in the
request header. If the file being returned has updated cookie information in
the response header, then I imagine the cookies for example.com get updated
(again automatically by the browser). This is how I imagine things are
working based on what I've read. I've never been involved in server-side
scripting, only client-side updating of cookies. But I believe updated
cookies in the response header does cause cookie updating.

So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a different
unrelated domain server (example2.com) that's going to return a JavaScript
file with updated cookies in the response header. Will the browser correctly
update the example2.com domain cookies ? Or will it think it's the
example.com cookies that want to update (because JS files get included in
the context of the page they're on, which is of course in the domain
example.com).

You're right - it's not a PHP question. Try a javascript newsgroup.
It is the browser that is fetching the JS file and it certainly knows where it
is fetching it from (example2.com). I am not sure what you mean by updated
cookie, but a cookie with the same name can get set for a different domain.

If the browser allowed different sites to update cookies arbitrarily, it would
create a security issue, as it will allow sites to steal cookies from other
domains.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Aug 9 '08 #5

P: n/a
Stevo wrote:
Jerry Stuckle wrote:
>Stevo wrote:
>>I'm guessing this is a laughably obvious answer to many here, but
it's not to me (and I don't have a server or any knowledge of PHP to
be able to try it). It's not strictly a PHP question, but something
that PHP guys would know the answer to. I can't think of a more
appropriate forum to try. I've heard the ASP and JSP guys aren't as
friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML
page makes a request to example.com to return a JavaScript file. The
request for that file automatically (by the browser) has cookie
information in the request header. If the file being returned has
updated cookie information in the response header, then I imagine the
cookies for example.com get updated (again automatically by the
browser). This is how I imagine things are working based on what I've
read. I've never been involved in server-side scripting, only
client-side updating of cookies. But I believe updated cookies in the
response header does cause cookie updating.

So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a
different unrelated domain server (example2.com) that's going to
return a JavaScript file with updated cookies in the response header.
Will the browser correctly update the example2.com domain cookies ?
Or will it think it's the example.com cookies that want to update
(because JS files get included in the context of the page they're
on, which is of course in the domain example.com).

You're right - it's not a PHP question. Try a javascript newsgroup.

It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a PHP
programmer would do. I'll ask on a JSP or ASP forum then.
There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.

I suggested a javascript newsgroup because even if you do fetch the file
from another server, you're going to have other security issues when you
execute the javascript.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #6

P: n/a
Jerry Stuckle wrote:
Stevo wrote:
>Jerry Stuckle wrote:
>>Stevo wrote:
I'm guessing this is a laughably obvious answer to many here, but
it's not to me (and I don't have a server or any knowledge of PHP to
be able to try it). It's not strictly a PHP question, but something
that PHP guys would know the answer to. I can't think of a more
appropriate forum to try. I've heard the ASP and JSP guys aren't as
friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML
page makes a request to example.com to return a JavaScript file. The
request for that file automatically (by the browser) has cookie
information in the request header. If the file being returned has
updated cookie information in the response header, then I imagine
the cookies for example.com get updated (again automatically by the
browser). This is how I imagine things are working based on what
I've read. I've never been involved in server-side scripting, only
client-side updating of cookies. But I believe updated cookies in
the response header does cause cookie updating.

So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a
different unrelated domain server (example2.com) that's going to
return a JavaScript file with updated cookies in the response
header. Will the browser correctly update the example2.com domain
cookies ? Or will it think it's the example.com cookies that want to
update (because JS files get included in the context of the page
they're on, which is of course in the domain example.com).
You're right - it's not a PHP question. Try a javascript newsgroup.

It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a PHP
programmer would do. I'll ask on a JSP or ASP forum then.

There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.
I know. That's why I said right up front it's not a scripting question,
but it IS the type of question that a server-side scripter is more
likely to be familiar with. After all, you s-s- scripter guys do make
calls to addCookie (which adds a Set-Cookie to the response header), and
that tells the browser to set the cookie value.
I suggested a javascript newsgroup because even if you do fetch the file
from another server, you're going to have other security issues when you
execute the javascript.
You've latched onto this idea of JavaScript being executed again. Would
it help if it's an image I'm requesting? The question is the same ...
"if I request an image from another domain and the response has a
Set-Cookie in it, will it set the cookie in that other domain?".
Aug 9 '08 #7

P: n/a
Stevo wrote:
Jerry Stuckle wrote:
>Stevo wrote:
>>Jerry Stuckle wrote:
Stevo wrote:
I'm guessing this is a laughably obvious answer to many here, but
it's not to me (and I don't have a server or any knowledge of PHP
to be able to try it). It's not strictly a PHP question, but
something that PHP guys would know the answer to. I can't think of
a more appropriate forum to try. I've heard the ASP and JSP guys
aren't as friendly ;-)
>
Let's say we have a HTML page from domain example.com, and that
HTML page makes a request to example.com to return a JavaScript
file. The request for that file automatically (by the browser) has
cookie information in the request header. If the file being
returned has updated cookie information in the response header,
then I imagine the cookies for example.com get updated (again
automatically by the browser). This is how I imagine things are
working based on what I've read. I've never been involved in
server-side scripting, only client-side updating of cookies. But I
believe updated cookies in the response header does cause cookie
updating.
>
So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a
different unrelated domain server (example2.com) that's going to
return a JavaScript file with updated cookies in the response
header. Will the browser correctly update the example2.com domain
cookies ? Or will it think it's the example.com cookies that want
to update (because JS files get included in the context of the
page they're on, which is of course in the domain example.com).
>

You're right - it's not a PHP question. Try a javascript newsgroup.

It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a
PHP programmer would do. I'll ask on a JSP or ASP forum then.

There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.

I know. That's why I said right up front it's not a scripting question,
but it IS the type of question that a server-side scripter is more
likely to be familiar with. After all, you s-s- scripter guys do make
calls to addCookie (which adds a Set-Cookie to the response header), and
that tells the browser to set the cookie value.
>I suggested a javascript newsgroup because even if you do fetch the
file from another server, you're going to have other security issues
when you execute the javascript.

You've latched onto this idea of JavaScript being executed again. Would
it help if it's an image I'm requesting? The question is the same ...
"if I request an image from another domain and the response has a
Set-Cookie in it, will it set the cookie in that other domain?".
You talked about requesting a js file - which is entirely different than
requesting an image file.

But in either case, scripting has NOTHING to do with your request. It
can all be done from straight HTML documents.

If you want to know more generic things like that, alt.html is the place
to be.

But it is completely off-topic in this newsgroup.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #8

P: n/a
Chat wrote:
Jerry Stuckle <js*******@attglobal.netwrites:
>Stevo wrote:
>>I'm guessing this is a laughably obvious answer to many here, but it's not to
me (and I don't have a server or any knowledge of PHP to be able to try
it). It's not strictly a PHP question, but something that PHP guys would know
the answer to. I can't think of a more appropriate forum to try. I've heard
the ASP and JSP guys aren't as friendly ;-)

Let's say we have a HTML page from domain example.com, and that HTML page
makes a request to example.com to return a JavaScript file. The request for
that file automatically (by the browser) has cookie information in the
request header. If the file being returned has updated cookie information in
the response header, then I imagine the cookies for example.com get updated
(again automatically by the browser). This is how I imagine things are
working based on what I've read. I've never been involved in server-side
scripting, only client-side updating of cookies. But I believe updated
cookies in the response header does cause cookie updating.

So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a different
unrelated domain server (example2.com) that's going to return a JavaScript
file with updated cookies in the response header. Will the browser correctly
update the example2.com domain cookies ? Or will it think it's the
example.com cookies that want to update (because JS files get included in
the context of the page they're on, which is of course in the domain
example.com).
You're right - it's not a PHP question. Try a javascript newsgroup.

It is the browser that is fetching the JS file and it certainly knows where it
is fetching it from (example2.com). I am not sure what you mean by updated
cookie, but a cookie with the same name can get set for a different domain.
Well, imagine the site is example.com and it requests image with the
name abc.jpg from example2.com. Now this particular user has a
persistent cookie on their machine from example2.com, let's give it the
value "lastfilerequested=foo.gif". The browser knowing it's making an
image request to example2.com, and knowing the user has a cookie from
example2.com, it will automatically put that cookie value in the request
header. Could the server write a Set-Cookie field in the response header
of the image that has the value "lastfilerequested=abc.jpg" and that
cookie be properly written (with an expiry date) belonging to the domain
example2.com?
If the browser allowed different sites to update cookies arbitrarily, it would
create a security issue, as it will allow sites to steal cookies from other
domains.
I don't see how that could work. In my scenario above, the example.com
page doing the requesting of the example2.com image, has no read or
write access to the cookies that the example2.com server and the browser
read and write during their file request exchange. It's only the
example2.com server that gets to know what the cookie value was (that it
effectively has ownership of) and it's the only one that gets to update
it. The example.com site has no knowledge of this going on and has no
particular way of influencing it.
Aug 9 '08 #9

P: n/a
Jerry Stuckle wrote:
Stevo wrote:
>Jerry Stuckle wrote:
>>Stevo wrote:
Jerry Stuckle wrote:
Stevo wrote:
>I'm guessing this is a laughably obvious answer to many here, but
>it's not to me (and I don't have a server or any knowledge of PHP
>to be able to try it). It's not strictly a PHP question, but
>something that PHP guys would know the answer to. I can't think of
>a more appropriate forum to try. I've heard the ASP and JSP guys
>aren't as friendly ;-)
>>
>Let's say we have a HTML page from domain example.com, and that
>HTML page makes a request to example.com to return a JavaScript
>file. The request for that file automatically (by the browser) has
>cookie information in the request header. If the file being
>returned has updated cookie information in the response header,
>then I imagine the cookies for example.com get updated (again
>automatically by the browser). This is how I imagine things are
>working based on what I've read. I've never been involved in
>server-side scripting, only client-side updating of cookies. But I
>believe updated cookies in the response header does cause cookie
>updating.
>>
>So my main question is, what if that scenario above is slightly
>different. What if the JS file it's requesting is actually to a
>different unrelated domain server (example2.com) that's going to
>return a JavaScript file with updated cookies in the response
>header. Will the browser correctly update the example2.com domain
>cookies ? Or will it think it's the example.com cookies that want
>to update (because JS files get included in the context of the
>page they're on, which is of course in the domain example.com).
>>
>
You're right - it's not a PHP question. Try a javascript newsgroup.

It's certainly not a JavaScript question, there's no JavaScript
being executed here. It's a server-side scripters' question.
Something a PHP programmer would do. I'll ask on a JSP or ASP forum
then.
There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.

I know. That's why I said right up front it's not a scripting
question, but it IS the type of question that a server-side scripter
is more likely to be familiar with. After all, you s-s- scripter guys
do make calls to addCookie (which adds a Set-Cookie to the response
header), and that tells the browser to set the cookie value.
>>I suggested a javascript newsgroup because even if you do fetch the
file from another server, you're going to have other security issues
when you execute the javascript.

You've latched onto this idea of JavaScript being executed again.
Would it help if it's an image I'm requesting? The question is the
same ... "if I request an image from another domain and the response
has a Set-Cookie in it, will it set the cookie in that other domain?".

You talked about requesting a js file - which is entirely different than
requesting an image file.
Sorry, I should have used an image in my original example. The main
point is, it's a request for a web asset of some kind, and the server
gets to set a cookie in the response. As far as I was aware, the only
way a server can set a cookie in the response is by using server-side
scripting (like PHP for example).
But in either case, scripting has NOTHING to do with your request. It
can all be done from straight HTML documents.
Oh cool, how do I do that exactly? I have access to a couple of
different domain servers so I could setup the test. I imagine the only
way I can achieve it by using HTML files is to use AJAX calls, otherwise
what type of container would I load the HTML file into? If I were to put
it in an iframe, then it wouldn't be a valid test, it wouldn't be
cross-domain. Where can I get to set a cookie in a HTML page without
using client-side scripting?

Aug 9 '08 #10

P: n/a
Stevo wrote:
Jerry Stuckle wrote:
>Stevo wrote:
>>Jerry Stuckle wrote:
Stevo wrote:
Jerry Stuckle wrote:
>Stevo wrote:
>>I'm guessing this is a laughably obvious answer to many here, but
>>it's not to me (and I don't have a server or any knowledge of PHP
>>to be able to try it). It's not strictly a PHP question, but
>>something that PHP guys would know the answer to. I can't think
>>of a more appropriate forum to try. I've heard the ASP and JSP
>>guys aren't as friendly ;-)
>>>
>>Let's say we have a HTML page from domain example.com, and that
>>HTML page makes a request to example.com to return a JavaScript
>>file. The request for that file automatically (by the browser)
>>has cookie information in the request header. If the file being
>>returned has updated cookie information in the response header,
>>then I imagine the cookies for example.com get updated (again
>>automatically by the browser). This is how I imagine things are
>>working based on what I've read. I've never been involved in
>>server-side scripting, only client-side updating of cookies. But
>>I believe updated cookies in the response header does cause
>>cookie updating.
>>>
>>So my main question is, what if that scenario above is slightly
>>different. What if the JS file it's requesting is actually to a
>>different unrelated domain server (example2.com) that's going to
>>return a JavaScript file with updated cookies in the response
>>header. Will the browser correctly update the example2.com domain
>>cookies ? Or will it think it's the example.com cookies that want
>>to update (because JS files get included in the context of the
>>page they're on, which is of course in the domain example.com).
>>>
>>
>You're right - it's not a PHP question. Try a javascript newsgroup.
>
It's certainly not a JavaScript question, there's no JavaScript
being executed here. It's a server-side scripters' question.
Something a PHP programmer would do. I'll ask on a JSP or ASP forum
then.
>

There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.

I know. That's why I said right up front it's not a scripting
question, but it IS the type of question that a server-side scripter
is more likely to be familiar with. After all, you s-s- scripter guys
do make calls to addCookie (which adds a Set-Cookie to the response
header), and that tells the browser to set the cookie value.

I suggested a javascript newsgroup because even if you do fetch the
file from another server, you're going to have other security issues
when you execute the javascript.

You've latched onto this idea of JavaScript being executed again.
Would it help if it's an image I'm requesting? The question is the
same ... "if I request an image from another domain and the response
has a Set-Cookie in it, will it set the cookie in that other domain?".

You talked about requesting a js file - which is entirely different
than requesting an image file.

Sorry, I should have used an image in my original example. The main
point is, it's a request for a web asset of some kind, and the server
gets to set a cookie in the response. As far as I was aware, the only
way a server can set a cookie in the response is by using server-side
scripting (like PHP for example).
>But in either case, scripting has NOTHING to do with your request. It
can all be done from straight HTML documents.

Oh cool, how do I do that exactly? I have access to a couple of
different domain servers so I could setup the test. I imagine the only
way I can achieve it by using HTML files is to use AJAX calls, otherwise
what type of container would I load the HTML file into? If I were to put
it in an iframe, then it wouldn't be a valid test, it wouldn't be
cross-domain. Where can I get to set a cookie in a HTML page without
using client-side scripting?

Learn html, among other things. And AJAX calls are javascript, not PHP.

This is not your own personal help group for anything you wish to
discuss. This is a PHP newsgroup for discussing PHP code. That's why
it's called comp.lang.PHP.

Before you post questions in a newsgroup, it is YOUR responsibility to
do a little diagnosis and post in the appropriate newsgroup. No, you
won't get it right all the time - sometimes the clues will initially
point one way but then go somewhere else.

But in this case it should be obvious to anyone. There has been NOTHING
in ANY of your posts relating to PHP code. That's a pretty good
indication it doesn't belong in this newsgroup.

And if you can't figure out where you should be asking, perhaps you need
to hire someone to help you out.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #11

P: n/a
Jerry Stuckle wrote:
Stevo wrote:
>Jerry Stuckle wrote:
>>Stevo wrote:
Jerry Stuckle wrote:
Stevo wrote:
>Jerry Stuckle wrote:
>>Stevo wrote:
>>>I'm guessing this is a laughably obvious answer to many here,
>>>but it's not to me (and I don't have a server or any knowledge
>>>of PHP to be able to try it). It's not strictly a PHP question,
>>>but something that PHP guys would know the answer to. I can't
>>>think of a more appropriate forum to try. I've heard the ASP and
>>>JSP guys aren't as friendly ;-)
>>>>
>>>Let's say we have a HTML page from domain example.com, and that
>>>HTML page makes a request to example.com to return a JavaScript
>>>file. The request for that file automatically (by the browser)
>>>has cookie information in the request header. If the file being
>>>returned has updated cookie information in the response header,
>>>then I imagine the cookies for example.com get updated (again
>>>automatically by the browser). This is how I imagine things are
>>>working based on what I've read. I've never been involved in
>>>server-side scripting, only client-side updating of cookies. But
>>>I believe updated cookies in the response header does cause
>>>cookie updating.
>>>>
>>>So my main question is, what if that scenario above is slightly
>>>different. What if the JS file it's requesting is actually to a
>>>different unrelated domain server (example2.com) that's going to
>>>return a JavaScript file with updated cookies in the response
>>>header. Will the browser correctly update the example2.com
>>>domain cookies ? Or will it think it's the example.com cookies
>>>that want to update (because JS files get included in the
>>>context of the page they're on, which is of course in the domain
>>>example.com).
>>>>
>>>
>>You're right - it's not a PHP question. Try a javascript newsgroup.
>>
>It's certainly not a JavaScript question, there's no JavaScript
>being executed here. It's a server-side scripters' question.
>Something a PHP programmer would do. I'll ask on a JSP or ASP
>forum then.
>>
>
There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.

I know. That's why I said right up front it's not a scripting
question, but it IS the type of question that a server-side scripter
is more likely to be familiar with. After all, you s-s- scripter
guys do make calls to addCookie (which adds a Set-Cookie to the
response header), and that tells the browser to set the cookie value.

I suggested a javascript newsgroup because even if you do fetch the
file from another server, you're going to have other security
issues when you execute the javascript.

You've latched onto this idea of JavaScript being executed again.
Would it help if it's an image I'm requesting? The question is the
same ... "if I request an image from another domain and the response
has a Set-Cookie in it, will it set the cookie in that other domain?".
You talked about requesting a js file - which is entirely different
than requesting an image file.

Sorry, I should have used an image in my original example. The main
point is, it's a request for a web asset of some kind, and the server
gets to set a cookie in the response. As far as I was aware, the only
way a server can set a cookie in the response is by using server-side
scripting (like PHP for example).
>>But in either case, scripting has NOTHING to do with your request.
It can all be done from straight HTML documents.

Oh cool, how do I do that exactly? I have access to a couple of
different domain servers so I could setup the test. I imagine the only
way I can achieve it by using HTML files is to use AJAX calls,
otherwise what type of container would I load the HTML file into? If I
were to put it in an iframe, then it wouldn't be a valid test, it
wouldn't be cross-domain. Where can I get to set a cookie in a HTML
page without using client-side scripting?


Learn html, among other things. And AJAX calls are javascript, not PHP.
Well Duh!
This is not your own personal help group for anything you wish to
discuss. This is a PHP newsgroup for discussing PHP code. That's why
it's called comp.lang.PHP.
It's also not your personal help group to tell people what it's not.
But in this case it should be obvious to anyone. There has been NOTHING
in ANY of your posts relating to PHP code. That's a pretty good
indication it doesn't belong in this newsgroup.
Well Duh ! That's why I said in the very first post that it's not a PHP
question, but something that people (P E O P L E) who do PHP would
probably know about (you excluded).

If you don't want to be helpful you can keep your opinions to yourself.
Aug 9 '08 #12

P: n/a
Stevo wrote:
Jerry Stuckle wrote:
>Stevo wrote:
>>Jerry Stuckle wrote:
Stevo wrote:
Jerry Stuckle wrote:
>Stevo wrote:
>>Jerry Stuckle wrote:
>>>Stevo wrote:
>>>>I'm guessing this is a laughably obvious answer to many here,
>>>>but it's not to me (and I don't have a server or any knowledge
>>>>of PHP to be able to try it). It's not strictly a PHP question,
>>>>but something that PHP guys would know the answer to. I can't
>>>>think of a more appropriate forum to try. I've heard the ASP
>>>>and JSP guys aren't as friendly ;-)
>>>>>
>>>>Let's say we have a HTML page from domain example.com, and that
>>>>HTML page makes a request to example.com to return a JavaScript
>>>>file. The request for that file automatically (by the browser)
>>>>has cookie information in the request header. If the file being
>>>>returned has updated cookie information in the response header,
>>>>then I imagine the cookies for example.com get updated (again
>>>>automatically by the browser). This is how I imagine things are
>>>>working based on what I've read. I've never been involved in
>>>>server-side scripting, only client-side updating of cookies.
>>>>But I believe updated cookies in the response header does cause
>>>>cookie updating.
>>>>>
>>>>So my main question is, what if that scenario above is slightly
>>>>different. What if the JS file it's requesting is actually to a
>>>>different unrelated domain server (example2.com) that's going
>>>>to return a JavaScript file with updated cookies in the
>>>>response header. Will the browser correctly update the
>>>>example2.com domain cookies ? Or will it think it's the
>>>>example.com cookies that want to update (because JS files get
>>>>included in the context of the page they're on, which is of
>>>>course in the domain example.com).
>>>>>
>>>>
>>>You're right - it's not a PHP question. Try a javascript
>>>newsgroup.
>>>
>>It's certainly not a JavaScript question, there's no JavaScript
>>being executed here. It's a server-side scripters' question.
>>Something a PHP programmer would do. I'll ask on a JSP or ASP
>>forum then.
>>>
>>
>There is no server side scripting involved in this. It is
>strictly between the server and the browser. It works the same
>way whether you're dealing with a .php file or a simple .html file.
>
I know. That's why I said right up front it's not a scripting
question, but it IS the type of question that a server-side
scripter is more likely to be familiar with. After all, you s-s-
scripter guys do make calls to addCookie (which adds a Set-Cookie
to the response header), and that tells the browser to set the
cookie value.
>
>I suggested a javascript newsgroup because even if you do fetch
>the file from another server, you're going to have other security
>issues when you execute the javascript.
>
You've latched onto this idea of JavaScript being executed again.
Would it help if it's an image I'm requesting? The question is the
same ... "if I request an image from another domain and the
response has a Set-Cookie in it, will it set the cookie in that
other domain?".
>

You talked about requesting a js file - which is entirely different
than requesting an image file.

Sorry, I should have used an image in my original example. The main
point is, it's a request for a web asset of some kind, and the server
gets to set a cookie in the response. As far as I was aware, the only
way a server can set a cookie in the response is by using server-side
scripting (like PHP for example).

But in either case, scripting has NOTHING to do with your request.
It can all be done from straight HTML documents.

Oh cool, how do I do that exactly? I have access to a couple of
different domain servers so I could setup the test. I imagine the
only way I can achieve it by using HTML files is to use AJAX calls,
otherwise what type of container would I load the HTML file into? If
I were to put it in an iframe, then it wouldn't be a valid test, it
wouldn't be cross-domain. Where can I get to set a cookie in a HTML
page without using client-side scripting?


Learn html, among other things. And AJAX calls are javascript, not PHP.

Well Duh!
>This is not your own personal help group for anything you wish to
discuss. This is a PHP newsgroup for discussing PHP code. That's why
it's called comp.lang.PHP.

It's also not your personal help group to tell people what it's not.
>But in this case it should be obvious to anyone. There has been
NOTHING in ANY of your posts relating to PHP code. That's a pretty
good indication it doesn't belong in this newsgroup.

Well Duh ! That's why I said in the very first post that it's not a PHP
question, but something that people (P E O P L E) who do PHP would
probably know about (you excluded).

If you don't want to be helpful you can keep your opinions to yourself.
Why don't you quit being a jackass and post your questions in an
appropriate newsgroup.

Read the charter for this newsgroup (all comp.* newsgroups have one).
It states this is for PHP questions.

But then there are always idiots who think the guidelines don't apply to
them.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #13

P: n/a
Jerry Stuckle wrote:
Why don't you quit being a jackass and post your questions in an
appropriate newsgroup.
As I said, there isn't really an appropriate newsgroup.
Aug 9 '08 #14

P: n/a
Stevo wrote:
Jerry Stuckle wrote:
>Why don't you quit being a jackass and post your questions in an
appropriate newsgroup.

As I said, there isn't really an appropriate newsgroup.
Check again. Once you define the problem properly, you'll find a much
better newsgroup.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 9 '08 #15

P: n/a
Jerry Stuckle wrote:
Stevo wrote:
>Jerry Stuckle wrote:
>>Why don't you quit being a jackass and post your questions in an
appropriate newsgroup.

As I said, there isn't really an appropriate newsgroup.

Check again. Once you define the problem properly, you'll find a much
better newsgroup.
Oh I know I had the right newsgroup. Without any helpful answers though,
I had to gain access to a server that ran php, write my first php script
and put it on there, and in a html page on another domain, I just load
that file. All I had to do was use the setcookie php call to prove my
theory. I now know whether or not a file requested from a separate
domain can write cookies into that domain even though it's requested
from a different domain page.

Weird how the answer to my question came from a test involving php, yet
asking the question in a php group wasn't appropriate.
Aug 12 '08 #16

P: n/a
Stevo wrote:
Jerry Stuckle wrote:
>Stevo wrote:
>>Jerry Stuckle wrote:
Why don't you quit being a jackass and post your questions in an
appropriate newsgroup.

As I said, there isn't really an appropriate newsgroup.

Check again. Once you define the problem properly, you'll find a much
better newsgroup.

Oh I know I had the right newsgroup. Without any helpful answers though,
I had to gain access to a server that ran php, write my first php script
and put it on there, and in a html page on another domain, I just load
that file. All I had to do was use the setcookie php call to prove my
theory. I now know whether or not a file requested from a separate
domain can write cookies into that domain even though it's requested
from a different domain page.

Weird how the answer to my question came from a test involving php, yet
asking the question in a php group wasn't appropriate.
Maybe because the problem wasn't a PHP problem after all?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Aug 12 '08 #17

This discussion thread is closed

Replies have been disabled for this discussion.