I'd like to remove the cookies of another site from users on my site. Is there any way to access the cookies from different domains.
+11
A:
No, of course not. That would be terrible. How would you like it if any site you went to could just read your stored password to any site you have saved?
ryeguy
2009-09-09 14:06:29
Cookies shouldn't have stored passwords in them...
Moo
2010-01-24 22:34:26
+9
A:
No, the same origin policy forbids that. You can only view or set cookies that you set and that are valid for the current URL.
Gumbo
2009-09-09 14:06:47
+2
A:
Try it and Google will block your site from Chrome and your whole site will end up being blacklisted as it appears to contain Malware! While it's not illegal, it's a kind of behaviour that makes you as popular on the Internet as the average spammer...
Furthermore, the storage of cookies depends on the browser that is used by the client. You don't have any control over that.
However, if the other site has an URL that will remove the cookie, you can inline that URL in an IFrame on your site so visitors of your site will call the cookie cleaner from the other site, thus clearing their cookie in a valid way. The Same Origin Policy will apply in this case since it's the original site that clears it. But if the other site offers no such functionality then it won't work...
Workshop Alex
2009-09-09 14:32:06
+1
A:
The only place I can think that this you'd need this would be if you owned many domains, and you log in on one domain, you want to log off in another domain.
In php, the "setcookie" function has a way to specify a domain. You should put in the domain you wish for the cookies to be modified under. Then when you can erase/modify the cookies across all those domain.
Otherwise though, the answer is no, you cannot modify a cookie on another domain unless it gave you permission to modify such cookies.
Daniel
2009-09-09 14:40:52
+1
A:
OK! I guess its not a smart things to do haha.
Just a bit of background. I'm working with an affiliate program for my site where when you click to them the shopping cart fills with the contents of what was clicked on my site. The only issue is they have some god-awful cookie system that stores a sessionId for your last click. So if a user clicks on tickets to a red sox game and then a marlins game, the cart will still fill with red sox tickets unless the cookies are cleared. They are relatively unresponsive about this issue so I thought I'd take matters into my own hand by checking to see whether the session cookie exists and then clearing it.
But I'm guessing this is not a good idea...
Arnold
2009-09-09 15:02:08
Ohhhhh. It sounded like you were trying to hack someone else's site. I don't quite understand the flow you're describing. Are you saying that you send Red Sox, they get Red Sox; later you send Marlins, they get Marlins plus a ghost Red Sox? If so, sounds like a bug on their side that's out of your control, but without more detail, it's hard to say.
Jay
2009-09-09 15:25:14
If a cookie is affecting this, then it means you have it under your control. All you need to do is clear it or save it.
Daniel
2009-09-09 15:42:01
Please edit your question and don’t respond with an answer if it’s not an answer to your question.
Gumbo
2009-09-09 15:54:17
A:
Wow, I certainly hope there's no way to do this! If there is a way, it's a bug in the browser security.
Obvious follow-up questions: Is there any way I can set something in a user's browser that will prevent him from accessing a competitor's site? Is there any way I can cause other people's web servers to explode and kill everyone in the building?
Jay
2009-09-09 15:18:10