views:

115

answers:

2

I have a site on A.com and an iframe on B.com which reads info from A.com. I realize that there is some problems with third party cookies, iframes and P3P - particularly in Safari [my problem]

Is it possible to instead, use AJAX or a hidden iFrame to pass the cookie information from A.com to B.com which will then "recreate" another cookie with the same information on the iframe in B.com.

I am trying to do this for authenication - i.e. a user is logged in on A.com and then goes to b.com and the iframe is also logged in ?

I was hoping to perhaps pass the data in a hidden iframe and "recreate" the cookie in the iframe on B.com using JavaScript? Is this possible ? Security issues ? What about HTTPS?

A: 

I'm afraid you're out of luck. In Safari and IE8, it's impossible to set a cookie in a domain which is not the primary document's domain.

So, in other words, you can only set cookies for a domain which is visible in the address bar. There are no tricks to get around this problem.

Philippe Leybaert
ah really so you cant even "create" the cookie at all ?
Tom
i.e. its not passing the "cookie itself" - rather passing the cookie data, then using createCookie() to recreate the cookie ? or still wont be allowed ?
Tom
No, the frame for B.com is not allowed to set/create ANY cookies.
Philippe Leybaert
ok thanks :( well there goes that idea. ill try to use P3P only then and some kind of work around
Tom
A: 

Have you considered using a shared database for authentication?

Jan Kuboschek