How third party sites can check if user agreed/pass sth on my site, so they can let him pass sth on their sites?

Question

How third party sites can check if user agreed to something(i.e. click ok)/pass some test on my site, so they can let him pass to some hidden resources on ther site? The problem is, user should not be asked to register on those third party sites, and i give those sites only javascript to paste into their code and merely button and some text.

If it will help, i am using django.

Answer 1

Hi,

I don't really understand what sth/pass sth means but I can bet the answer is **cookies**. Edit: Well, the session information is stored with cookies so they have something to do with it, but they're not enough. You will need a service on your domain (a server script) that will be called by the 3rd party sites with AJAX. The service will respond if the user qualifies (i.e. give a valid/invalid output).

I would like to refute my previous answer on the grounds that it does not offer a solution to your question, it does not help you in any way to find a solution and is technically incorrect.

New answer:

1. Choose a method to validate that the user did your action (a cookie maybe).
2. Have a server script on your site that responds to questions about that validation. Say userValidates.py. This should check if the user did your action (check the cookie).
3. Provide a JavaScript snippet that the 3rd party includes on their site. That snippet will create an invisible iframe to userValidates.py on your domain. The same script needs to create an invisible iframe with something on the 3rd party domain.
4. After userValidates.py makes its check it will change the location of the other invisile iframe.
5. You supplied JavaScript from 3 will be able to read the changed location of the iframe because they're from the same domain.

See this well written article for more details and examples: http://softwareas.com/cross-domain-communication-with-iframes .