X-Domain Cookies in iFrames | ansaurus

tags:

views:

50

answers:

1

Q:

X-Domain Cookies in iFrames

Hi Guys,

I have a domain A.com which is my website. I want to allow the user to login and then I have embedded an iframe into domain B.com which attempts to grab the cookie from A.com to allow the user to be continued to be signed in.

I can't seem to get this working in IE ? A new session gets set instead and the cookie is never retrieved.

I have set a P3P policy ? Any ideas what I am doing wrong.

+1 A:

B.com is not going to be able to access cookies from A.com. I think you are confusing third-party cookies with cross-domain cookies. With a third-party cookie (which P3P is relevant to), B's content (e.g. http://b.com/foo.png) is included on http://a.com and sets its own cookie. That doesn't allow A or B to read each other's cookies though.

If you want A and B to communicate on the client side, you can use hacks like fragment id messaging, or developing functionality like postMessage

Matthew Flaschen 2010-05-31 05:12:10

hey :) i thought the iframe on b.com and a.com are "same-domain" ? so the only way to do this then is to open a new window in the iframe in b.com [which loads content from a.com] and check for the cookie?

John 2010-05-31 05:16:01

or are a.com and b.com not in the same-origin ?

John 2010-05-31 05:24:12

Right, they're different origins.

Matthew Flaschen 2010-05-31 05:30:55

thx - so the only way to do this then is to open a new window from the iframe in b.com [which loads the cookie from a.com] and check for the cookie?

John 2010-05-31 05:34:29

If I understand you correctly (it might help to add psuedo-code), that won't work either.

Matthew Flaschen 2010-05-31 05:38:38

related questions

What are the potential pitfalls of using HTML Frames for templating?

Resizing an iframe based on content

Running Google Analytics in iframe?

"Access is denied" error on accessing iframe document object

Googlebot + IFrames ?

Javascript Iframe innerHTML

Mouse Scroll Wheel and IFRAME

Options for Dynamic content in ASP.Net

Is there a way to get the parent URL from an Iframe's content?

How to auto-focus RTE editor inside firefox?

Accessing Domain Cookies within an iFrame on Internet Explorer

Are iframes a terrible idea?

Silverlight app and an iframe co-existing on the same page

What's the best way to reload a iframe using javascript?

Dreaded iframe horizontal scroll bar can't be removed in IE?

Remove border from IFrame

iframe wikipedia article without the wrapper

<iframe> - How to show the whole height of referenced page?

Embed asp page without iframe

Can I prevent user pasting Javascript into Design Mode IFrame?

How do I get the current location of an iframe?

Retrieving HTTP status code from loaded iframe with Javascript

Making an iframe take vertical space

iFrame Best Practices

Options for Google Maps over SSL