javascript - Cross domain cookie with script tag? - Stack Overflow

I was working on JSONP to send data from a cookie, from a domain A to a domain B. It works well, but that is not what my question is about. I just realized that if I only put a script tag on my domain B pointing to my domain A, all the cookies of my domain A are set on my domain B.

Example: I put this tag on my domain B:

<script src="http://mydomainA./"></script>

Only with that, all the cookies of my domain A are set on my domain B. My question is, is it normal? I thought cookies needed some hacks to be cross domain, but I didn't think it was that easy.

Sorry for my bad English, and I apologize if my question is stupid or if it has been asked before.

Thanks in advance.

Asked Dec 11, 2012 at 10:32 by M4nch4k; edited Dec 11, 2012 at 10:38 by Anders R. Bystrup
  • How are you setting the cookies? – Quentin Commented Dec 11, 2012 at 10:58
  • How did you come to the conclusion that cookies for domain A are sent to domain B? Can you illustrate the process? – Raffaele Commented Dec 11, 2012 at 11:05
  • I can put a link pointing to any website in my script, all the cookies of this site are set on my domain B. I guess these cookies are set by PHP or JavaScript. I came to this conclusion because if there isn't the script tag including my domain A, I only have the cookies of my domain B. And when I put the link pointing to my domain A into my script tag, I have the cookies of my domain + the cookies of my domain A – M4nch4k Commented Dec 11, 2012 at 11:18
  • The point is: where do you read cookies? – Raffaele Commented Dec 11, 2012 at 11:54
  • Firefox, Firebug, I guess there is an option set to allow cookies from other websites and maybe it's only in Firefox – M4nch4k Commented Dec 11, 2012 at 14:45
1 Answer

Cookies are simply headers in HTTP requests. When the browser requests

GET /foo
Host: a.

it receives an HTML document, which contains a <script> tag hosted on another domain. So it fires another request:

GET /script.js
Host: b.
Cookie: foobarbaz

and it can certainly append cookies for domain b., if any. This means that the last time the browser contacted b., the HTTP response contained a header like

...
Set-Cookie: foobarbaz
...

and so subsequent requests to the same domain will maintain the session. When the browser requests another resource from a. such as

GET /bar.jpeg
Host: a.

the cookie foobarbaz set by b. will not be sent along with the request, so the scripts on a. don't have access to data from b..
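
The request sequence from the answer above, as a runnable model (an added example, not part of the original answer): a small cookie jar that selects cookies by the host a request is sent to, and separately by the host of the page whose script reads `document.cookie`. The hostnames `a.example` and `b.example`, the cookie names, and the `CookieJar` class are constructed for illustration; it goes slightly beyond the answer by also modelling the `Domain` and `HttpOnly` attributes.

```javascript
// Added example: minimal cookie-jar model; hostnames and cookie values are constructed.
// RFC 6265 domain-match: identical host, or host is a subdomain of domain.
const domainMatch = (host, domain) => host === domain || host.endsWith('.' + domain);
class CookieJar {
  constructor() { this.cookies = []; }
  // Store a Set-Cookie header received in a response from `host`.
  setCookie(host, header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return false; // this model only accepts name=value pairs
    const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                domain: host, hostOnly: true, httpOnly: false };
    for (const attr of attrs) {
      const [key, val = ''] = attr.split('=').map(s => s.trim().toLowerCase());
      if (key === 'httponly') c.httpOnly = true;
      if (key === 'domain' && val) {
        const d = val.replace(/^\./, '');
        if (!domainMatch(host, d)) return false; // a host cannot set cookies for an unrelated domain
        c.domain = d; c.hostOnly = false;
      }
    }
    this.cookies.push(c);
    return true;
  }
  matching(host) {
    return this.cookies.filter(c => c.hostOnly ? c.domain === host : domainMatch(host, c.domain));
  }
  // Cookie header attached to a request: chosen by the destination host alone.
  cookieHeader(requestHost) {
    return this.matching(requestHost).map(c => `${c.name}=${c.value}`).join('; ');
  }
  // What a page script sees in document.cookie: chosen by the page's own host.
  documentCookie(pageHost) {
    return this.matching(pageHost).filter(c => !c.httpOnly).map(c => `${c.name}=${c.value}`).join('; ');
  }
}
// The answer's sequence: b.example set a cookie earlier, then a page on a.example embeds its script.
function answerScenario() {
  const jar = new CookieJar();
  jar.setCookie('b.example', 'sid=foobarbaz; HttpOnly');
  jar.setCookie('a.example', 'theme=dark');
  return {
    rejected: jar.setCookie('b.example', 'x=1; Domain=a.example'), // cross-domain set attempt
    scriptRequest: jar.cookieHeader('b.example'),    // GET /script.js, Host: b.example
    imageRequest: jar.cookieHeader('a.example'),     // GET /bar.jpeg, Host: a.example
    pageScriptView: jar.documentCookie('a.example'), // script running in the a.example page
  };
}
```

A browser's developer tools list the cookies of every host the page contacted, which is the jar as a whole; the per-host selection above is what each server and each page script actually receives.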
