views:

4859

answers:

5

Haven't been able to find anything particular to this situation online so here i go... I need to set/get the cookies stored at "first.com" while browsing "second.com", I have full access of "first.com" but i only have javascript access (can manipulate the DOM as i want) on "second.com".

My first approach was to create an iframe on second.com (with js) that loaded a page like "first.com/doAjax?setCookie=xxx" and that did an ajax call to say "first.com/setCookie?cookieData=xxx" which would set the cookie on "first.com" with the data we passed around.

That pretty much worked fine for setting the cookie on first.com from second.com - for getting a cookie I basically followed the same procedure, created the iframe that loaded "first.com/doAjax?getCookie" and that would do an ajax call to say "first.com/getCookie" which would read the cookie info on first.com and return it as a JSON object.

The problem is that I'm unable to bring that JSON cookie object back to "second.com" so I can read it, well maybe i could just bring it when the Ajax call is complete using "window.top" but there's timing issues because its not relative to when the iframe has been loaded. I hope i am clear and was wondering if there's an easier solution rather than this crazy iframe->ajax crap, also seems like this wont even work for getting cookies in SAFARI.

+1  A: 

You could inject a script element into HEAD of the document with a callback that passes the cookie you need to whatever function needs it.

Something like:

 <script type="text/javascript">
   var newfile=document.createElement('script');
   newfile.setAttribute("type","text/javascript");
   newfile.setAttribute("src", 'http://first.com/doAjax?getCookie&amp;callback=passCookie');
   document.getElementsByTagName("head")[0].appendChild(newfile);
 </script>

And the page first.com/doAjax?getCookie could do this:

     passCookie({'name':'mycookie', 'value':'myvalue'});
Ryan Doherty
Apparently this method only works in Firefox, i tested it in Safari and IE6, both didnt seem to be able to set/get cookies...
Luca Matteis
A: 

I cant use the script tag to read cookies from a different domain, right? I need to actually be on first.com to actually read its cookies, i cant just add a script tag to second.com to get the cookieData... therefore i need to use an iframe, or i dont know...

Maybe i didnt understand your answer, let me know.

Luca Matteis
You aren't technically using a script tag to read the cookie values, the script is included into your page, therefore it is in the same scope and can call any function on second.com
Ryan Doherty
Okay, but the script tag evaluates itself on second.com, therefore reading the cookies from second.com, not first.com
Luca Matteis
Yes, it is evaluated, but the *contents* of the script is generated on first.com, therefore it can pass the cookie values to second.com
Ryan Doherty
what really? does that work for setting cookies as well? is it cross-browser?
Luca Matteis
ok thanks, i tested it and it amazingly worked! wow!
Luca Matteis
Now I know the result of the script tag gets evaluated in the global scope, but what if im returning plain JSON like {"one":"hi"}, how am i suppose to call that if its in the global scope... i guess I could name the object like var myData = {"one":"hi"}, but maybe there's a better solution.
Luca Matteis
Like i said above, this by the way only works in Firefox... any ideas?
Luca Matteis
I have no idea what's going on, you'll need to do more debugging.
Ryan Doherty
A: 

Put this PHP-File to first.com:

//readcookie.php    
echo $_COOKIE['cookiename'];

On second.com you can use this javascript to get the value:

function readCookieCallback()
{
   if ((this.readyState == 4) && (this.status == 200))
   {
     alert("the value of the cookie is: "+this.responseText);
   } 
   else if ((this.readyState == 4) && (this.status != 200))
   {
     //error...
   }
}


function buttonClickOrAnything()
{
  var refreshObject = new XMLHttpRequest();
  if (!refreshObject)
  {
    //IE6 or older
    try
    {
      refreshObject = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
      try
      {
        refreshObject = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (e)
      {
        return;
      }
    }
  }
  refreshObject.onreadystatechange = readCookieCallback;
  refreshObject.open("GET", "http://www.first.com/readcookie.php");
  refreshObject.send();
}

Regards, Robert

Robert Wismet
Im able to GET cookies fine with the method provided by Ryan Doherty, it seems like it SETs cookies as well on most of the browser except Safari.
Luca Matteis
A: 

For SETTING cookies you can change my script as follows:

The new PHP-Script:

//writecookie.php
setcookie($_GET['c'], $_GET['v']);

And the JavaScript:

function buttonClickOrAnything()
{
  var refreshObject = new XMLHttpRequest();
  if (!refreshObject)
  {
    //IE6 or older
    try
    {
      refreshObject = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
      try
      {
        refreshObject = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (e)
      {
        return;
      }
    }
  }
  refreshObject.open("GET", "http://www.first.com/writecookie.php?c=cookiename&amp;v=cookievalue");
  refreshObject.send();
}

That should work on all browsers.

Robert Wismet
No, ajax calls aren't allowed cross-domain...
Luca Matteis
A: 

Hi all, I've exactly the same need and same access on first/second.com as you Luca. I've tryed Both Ryan's solution and Robert's one :

=> Ryan's works perfecly on Safari, Firefox, Chrome, but not on IE8 that never allows cookies to come or go unless you set security level to low in IE options. I've tryed to set P3P options on first.com side but nothing changed. Do you know a solution to bypass this IE8 specific issue ? I cannot decently tell people to change their security level if they use IE.

=> Robert's never retrieve the cookies the readcookie page is supposed to retrieve even if the page is correcly called. Any idea ?

Thank's a lot Vincent

Vincent Bontoux
Hi, welcome at Stackoverflow! This isn't an answer. This is a question! Please post questions as questions by pressing `Ask Question` at right top. Feel free to include links to topics you found, but weren't helpful.
BalusC