tags:

views:

1162

answers:

5
+1  Q: 

Can I use an <img> tag to send cookies across domains?

Look at this situation:

  1. www.websitea.com displays an img tag with a src attribute of www.websiteb.com/image.aspx?id=5 and style="display:none"
  2. www.websiteb.com returns an clear image, in addition to a cookie with a name of referrer and value of 5 (created server-side from validated querystring.)

Would the cookie be created on domain www.websitea.com or www.websiteb.com?

Currently I'm sure a series of redirects with querystrings and to achieve cross-domain cookies, but I came up with this image idea a little ago. I guess I could also use an iframe.

Thanks!

+5  A: 

The cookie would be created for websiteb.com.

sammich  2008-12-30 21:20:23
+1  A: 

The cookie is created from the request to websiteb.com so yea... the cookie goes to websiteb scope

DFectuoso  2008-12-30 21:26:22
+4  A: 

Check out: cross-domain-user-tracking

Someone mentions using a 1x1 image for tracking across domains.

 2008-12-30 21:27:08
i marked this the answer because it eventually solved my problem with ie6
Shawn Simon  2008-12-30 22:23:09
A: 

Ok looks good. Tested in all browsers. Added a P3P tag for IE6, not sure if it was necessary though.

<%@ Page Language="VB" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

<script runat="server">
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
        Response.AddHeader("P3P", "CP=""CAO PSA OUR""")
        Dim passedlocalizeID As String = Request.QueryString("id")
        Dim localizeID As Integer
        If passedlocalizeID IsNot Nothing AndAlso Int32.TryParse(passedlocalizeID, localizeID) Then
            Dim localizer As New Localizer
            localizer.LocalizeTo(localizeID)
        End If
    End Sub
</script>

<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head runat="server">
    <title>Redirecting . . .</title>
    <meta http-equiv="refresh" content="0;URL=/" />
</head>
<body>
    <form id="form1" runat="server">
    <div>
    </div>
    </form>
</body>
</html>
Shawn Simon  2008-12-30 21:31:54
+1  A: 

You're on the right track. As others have mentioned, the cookie would be created for websiteb.com.

To overcome issues with IE you'll probably need to ad a Compact Privacy policy.

Start here: http://msdn.microsoft.com/en-us/library/ms537342.aspx and Google for the rest.

AnonJr  2008-12-30 22:25:30

related questions

Storing xml data in a cookie
Best way to secure an AJAX app
Is it possible to delete subdomain cookies?
What are the possible causes of a CGI::Session::CookieStore::TamperedWithCookie exception in rails
How do I access cookies within Flash?
Cookies and subdomains
Accessing Domain Cookies within an iFrame on Internet Explorer
Web Dev - Where to store state of a shopping-cart-like object?
Can JQuery read/write cookies to a browser?
Can you reliably set or delete a cookie during the server side processing of an Ajax (XHR) call?
How can I add cookies to Seaside responses without redirecting?
passing or reading .net cookie in php page
Best way for allowing subdomain session cookies using Tomcat
Why can't I delete this cookie?!
Apache Download: Make sure that page was viewed before download
Secure session cookies in ASP.NET over HTTPS
Always including the user in the django template context
How do you set up use HttpOnly cookies in PHP
How exactly do you configure httpOnlyCookies in ASP.NET?
How do you configure HttpOnly cookies in tomcat / java webapps?
How do HttpOnly cookies work with AJAX requests?
What is the best way to prevent session hijacking?
Associating source and search keywords with account creation
How would you implement FORM based authentication without a backing database?
How do I stop IIS7 dropping my cookies?