Cross-domain cookie updating ?

**Jerry Stuckle** · Aug 9 '08, 12:45 AM

Re: Cross-domain cookie updating ?

Stevo wrote:

I'm guessing this is a laughably obvious answer to many here, but it's
not to me (and I don't have a server or any knowledge of PHP to be able
to try it). It's not strictly a PHP question, but something that PHP
guys would know the answer to. I can't think of a more appropriate forum
to try. I've heard the ASP and JSP guys aren't as friendly ;-)
>
Let's say we have a HTML page from domain example.com, and that HTML
page makes a request to example.com to return a JavaScript file. The
request for that file automatically (by the browser) has cookie
information in the request header. If the file being returned has
updated cookie information in the response header, then I imagine the
cookies for example.com get updated (again automatically by the
browser). This is how I imagine things are working based on what I've
read. I've never been involved in server-side scripting, only
client-side updating of cookies. But I believe updated cookies in the
response header does cause cookie updating.
>
So my main question is, what if that scenario above is slightly
different. What if the JS file it's requesting is actually to a
different unrelated domain server (example2.com) that's going to return
a JavaScript file with updated cookies in the response header. Will the
browser correctly update the example2.com domain cookies ? Or will it
think it's the example.com cookies that want to update (because JS files
get included in the context of the page they're on, which is of course
in the domain example.com).
>

You're right - it's not a PHP question. Try a javascript newsgroup.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Stevo** · Aug 9 '08, 05:55 AM

Re: Cross-domain cookie updating ?

Jerry Stuckle wrote:

Stevo wrote:

>I'm guessing this is a laughably obvious answer to many here, but it's
>not to me (and I don't have a server or any knowledge of PHP to be
>able to try it). It's not strictly a PHP question, but something that
>PHP guys would know the answer to. I can't think of a more appropriate
>forum to try. I've heard the ASP and JSP guys aren't as friendly ;-)
>>
>Let's say we have a HTML page from domain example.com, and that HTML
>page makes a request to example.com to return a JavaScript file. The
>request for that file automatically (by the browser) has cookie
>information in the request header. If the file being returned has
>updated cookie information in the response header, then I imagine the
>cookies for example.com get updated (again automatically by the
>browser). This is how I imagine things are working based on what I've
>read. I've never been involved in server-side scripting, only
>client-side updating of cookies. But I believe updated cookies in the
>response header does cause cookie updating.
>>
>So my main question is, what if that scenario above is slightly
>different. What if the JS file it's requesting is actually to a
>different unrelated domain server (example2.com) that's going to
>return a JavaScript file with updated cookies in the response header.
>Will the browser correctly update the example2.com domain cookies ? Or
>will it think it's the example.com cookies that want to update
>(because JS files get included in the context of the page they're on,
>which is of course in the domain example.com).
>>

>
You're right - it's not a PHP question. Try a javascript newsgroup.

It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a PHP
programmer would do. I'll ask on a JSP or ASP forum then.

**The Natural Philosopher** · Aug 9 '08, 07:25 AM

Re: Cross-domain cookie updating ?

Stevo wrote:

Jerry Stuckle wrote:

>You're right - it's not a PHP question. Try a javascript newsgroup.

>
It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a PHP
programmer would do. I'll ask on a JSP or ASP forum then.

The above response is a normal Stuckle repsonse.

It should be interpreted as "I dont know the answer: My ego won't let me
consider hat I don't know everything about PHP: Ergo it cannot be about PHP"

Sadly, I don't know the answer either.

**Chat** · Aug 9 '08, 08:55 AM

Re: Cross-domain cookie updating ?

Jerry Stuckle <jstucklex@attg lobal.netwrites :

Stevo wrote:

>I'm guessing this is a laughably obvious answer to many here, but it's not to
>me (and I don't have a server or any knowledge of PHP to be able to try
>it). It's not strictly a PHP question, but something that PHP guys would know
>the answer to. I can't think of a more appropriate forum to try. I've heard
>the ASP and JSP guys aren't as friendly ;-)
>>
>Let's say we have a HTML page from domain example.com, and that HTML page
>makes a request to example.com to return a JavaScript file. The request for
>that file automatically (by the browser) has cookie information in the
>request header. If the file being returned has updated cookie information in
>the response header, then I imagine the cookies for example.com get updated
>(again automatically by the browser). This is how I imagine things are
>working based on what I've read. I've never been involved in server-side
>scripting, only client-side updating of cookies. But I believe updated
>cookies in the response header does cause cookie updating.
>>
>So my main question is, what if that scenario above is slightly
>different. What if the JS file it's requesting is actually to a different
>unrelated domain server (example2.com) that's going to return a JavaScript
>file with updated cookies in the response header. Will the browser correctly
>update the example2.com domain cookies ? Or will it think it's the
>example.com cookies that want to update (because JS files get included in
>the context of the page they're on, which is of course in the domain
>example.com) .
>>

>
You're right - it's not a PHP question. Try a javascript newsgroup.

It is the browser that is fetching the JS file and it certainly knows where it
is fetching it from (example2.com). I am not sure what you mean by updated
cookie, but a cookie with the same name can get set for a different domain.

If the browser allowed different sites to update cookies arbitrarily, it would
create a security issue, as it will allow sites to steal cookies from other
domains.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Jerry Stuckle** · Aug 9 '08, 02:35 PM

Re: Cross-domain cookie updating ?

Stevo wrote:

Jerry Stuckle wrote:

>Stevo wrote:

>>I'm guessing this is a laughably obvious answer to many here, but
>>it's not to me (and I don't have a server or any knowledge of PHP to
>>be able to try it). It's not strictly a PHP question, but something
>>that PHP guys would know the answer to. I can't think of a more
>>appropriate forum to try. I've heard the ASP and JSP guys aren't as
>>friendly ;-)
>>>
>>Let's say we have a HTML page from domain example.com, and that HTML
>>page makes a request to example.com to return a JavaScript file. The
>>request for that file automatically (by the browser) has cookie
>>information in the request header. If the file being returned has
>>updated cookie information in the response header, then I imagine the
>>cookies for example.com get updated (again automatically by the
>>browser). This is how I imagine things are working based on what I've
>>read. I've never been involved in server-side scripting, only
>>client-side updating of cookies. But I believe updated cookies in the
>>response header does cause cookie updating.
>>>
>>So my main question is, what if that scenario above is slightly
>>different. What if the JS file it's requesting is actually to a
>>different unrelated domain server (example2.com) that's going to
>>return a JavaScript file with updated cookies in the response header.
>>Will the browser correctly update the example2.com domain cookies ?
>>Or will it think it's the example.com cookies that want to update
>>(because JS files get included in the context of the page they're
>>on, which is of course in the domain example.com).
>>>

>>
>You're right - it's not a PHP question. Try a javascript newsgroup.

>
It's certainly not a JavaScript question, there's no JavaScript being
executed here. It's a server-side scripters' question. Something a PHP
programmer would do. I'll ask on a JSP or ASP forum then.
>

There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.

I suggested a javascript newsgroup because even if you do fetch the file
from another server, you're going to have other security issues when you
execute the javascript.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Stevo** · Aug 9 '08, 06:35 PM

Re: Cross-domain cookie updating ?

Jerry Stuckle wrote:

Stevo wrote:

>Jerry Stuckle wrote:

>>Stevo wrote:
>>>I'm guessing this is a laughably obvious answer to many here, but
>>>it's not to me (and I don't have a server or any knowledge of PHP to
>>>be able to try it). It's not strictly a PHP question, but something
>>>that PHP guys would know the answer to. I can't think of a more
>>>appropriat e forum to try. I've heard the ASP and JSP guys aren't as
>>>friendly ;-)
>>>>
>>>Let's say we have a HTML page from domain example.com, and that HTML
>>>page makes a request to example.com to return a JavaScript file. The
>>>request for that file automatically (by the browser) has cookie
>>>informatio n in the request header. If the file being returned has
>>>updated cookie information in the response header, then I imagine
>>>the cookies for example.com get updated (again automatically by the
>>>browser). This is how I imagine things are working based on what
>>>I've read. I've never been involved in server-side scripting, only
>>>client-side updating of cookies. But I believe updated cookies in
>>>the response header does cause cookie updating.
>>>>
>>>So my main question is, what if that scenario above is slightly
>>>different. What if the JS file it's requesting is actually to a
>>>different unrelated domain server (example2.com) that's going to
>>>return a JavaScript file with updated cookies in the response
>>>header. Will the browser correctly update the example2.com domain
>>>cookies ? Or will it think it's the example.com cookies that want to
>>>update (because JS files get included in the context of the page
>>>they're on, which is of course in the domain example.com).
>>>>
>>>
>>You're right - it's not a PHP question. Try a javascript newsgroup.

>>
>It's certainly not a JavaScript question, there's no JavaScript being
>executed here. It's a server-side scripters' question. Something a PHP
>programmer would do. I'll ask on a JSP or ASP forum then.
>>

>
There is no server side scripting involved in this. It is strictly
between the server and the browser. It works the same way whether
you're dealing with a .php file or a simple .html file.

I know. That's why I said right up front it's not a scripting question,
but it IS the type of question that a server-side scripter is more
likely to be familiar with. After all, you s-s- scripter guys do make
calls to addCookie (which adds a Set-Cookie to the response header), and
that tells the browser to set the cookie value.

I suggested a javascript newsgroup because even if you do fetch the file
from another server, you're going to have other security issues when you
execute the javascript.

You've latched onto this idea of JavaScript being executed again. Would
it help if it's an image I'm requesting? The question is the same ...
"if I request an image from another domain and the response has a
Set-Cookie in it, will it set the cookie in that other domain?".

**Jerry Stuckle** · Aug 9 '08, 06:45 PM

Re: Cross-domain cookie updating ?

Stevo wrote:

Jerry Stuckle wrote:

>Stevo wrote:

>>Jerry Stuckle wrote:
>>>Stevo wrote:
>>>>I'm guessing this is a laughably obvious answer to many here, but
>>>>it's not to me (and I don't have a server or any knowledge of PHP
>>>>to be able to try it). It's not strictly a PHP question, but
>>>>something that PHP guys would know the answer to. I can't think of
>>>>a more appropriate forum to try. I've heard the ASP and JSP guys
>>>>aren't as friendly ;-)
>>>>>
>>>>Let's say we have a HTML page from domain example.com, and that
>>>>HTML page makes a request to example.com to return a JavaScript
>>>>file. The request for that file automatically (by the browser) has
>>>>cookie information in the request header. If the file being
>>>>returned has updated cookie information in the response header,
>>>>then I imagine the cookies for example.com get updated (again
>>>>automatical ly by the browser). This is how I imagine things are
>>>>working based on what I've read. I've never been involved in
>>>>server-side scripting, only client-side updating of cookies. But I
>>>>believe updated cookies in the response header does cause cookie
>>>>updating.
>>>>>
>>>>So my main question is, what if that scenario above is slightly
>>>>different . What if the JS file it's requesting is actually to a
>>>>different unrelated domain server (example2.com) that's going to
>>>>return a JavaScript file with updated cookies in the response
>>>>header. Will the browser correctly update the example2.com domain
>>>>cookies ? Or will it think it's the example.com cookies that want
>>>>to update (because JS files get included in the context of the
>>>>page they're on, which is of course in the domain example.com).
>>>>>
>>>>
>>>You're right - it's not a PHP question. Try a javascript newsgroup.
>>>
>>It's certainly not a JavaScript question, there's no JavaScript being
>>executed here. It's a server-side scripters' question. Something a
>>PHP programmer would do. I'll ask on a JSP or ASP forum then.
>>>

>>
>There is no server side scripting involved in this. It is strictly
>between the server and the browser. It works the same way whether
>you're dealing with a .php file or a simple .html file.

>
I know. That's why I said right up front it's not a scripting question,
but it IS the type of question that a server-side scripter is more
likely to be familiar with. After all, you s-s- scripter guys do make
calls to addCookie (which adds a Set-Cookie to the response header), and
that tells the browser to set the cookie value.
>

>I suggested a javascript newsgroup because even if you do fetch the
>file from another server, you're going to have other security issues
>when you execute the javascript.

>
You've latched onto this idea of JavaScript being executed again. Would
it help if it's an image I'm requesting? The question is the same ...
"if I request an image from another domain and the response has a
Set-Cookie in it, will it set the cookie in that other domain?".
>

You talked about requesting a js file - which is entirely different than
requesting an image file.

But in either case, scripting has NOTHING to do with your request. It
can all be done from straight HTML documents.

If you want to know more generic things like that, alt.html is the place
to be.

But it is completely off-topic in this newsgroup.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Stevo** · Aug 9 '08, 06:45 PM

Re: Cross-domain cookie updating ?

Chat wrote:

Jerry Stuckle <jstucklex@attg lobal.netwrites :
>

>Stevo wrote:

>>I'm guessing this is a laughably obvious answer to many here, but it's not to
>>me (and I don't have a server or any knowledge of PHP to be able to try
>>it). It's not strictly a PHP question, but something that PHP guys would know
>>the answer to. I can't think of a more appropriate forum to try. I've heard
>>the ASP and JSP guys aren't as friendly ;-)
>>>
>>Let's say we have a HTML page from domain example.com, and that HTML page
>>makes a request to example.com to return a JavaScript file. The request for
>>that file automatically (by the browser) has cookie information in the
>>request header. If the file being returned has updated cookie information in
>>the response header, then I imagine the cookies for example.com get updated
>>(again automatically by the browser). This is how I imagine things are
>>working based on what I've read. I've never been involved in server-side
>>scripting, only client-side updating of cookies. But I believe updated
>>cookies in the response header does cause cookie updating.
>>>
>>So my main question is, what if that scenario above is slightly
>>different. What if the JS file it's requesting is actually to a different
>>unrelated domain server (example2.com) that's going to return a JavaScript
>>file with updated cookies in the response header. Will the browser correctly
>>update the example2.com domain cookies ? Or will it think it's the
>>example.com cookies that want to update (because JS files get included in
>>the context of the page they're on, which is of course in the domain
>>example.com ).
>>>

>You're right - it's not a PHP question. Try a javascript newsgroup.

>
It is the browser that is fetching the JS file and it certainly knows where it
is fetching it from (example2.com). I am not sure what you mean by updated
cookie, but a cookie with the same name can get set for a different domain.

Well, imagine the site is example.com and it requests image with the
name abc.jpg from example2.com. Now this particular user has a
persistent cookie on their machine from example2.com, let's give it the
value "lastfilereques ted=foo.gif". The browser knowing it's making an
image request to example2.com, and knowing the user has a cookie from
example2.com, it will automatically put that cookie value in the request
header. Could the server write a Set-Cookie field in the response header
of the image that has the value "lastfilereques ted=abc.jpg" and that
cookie be properly written (with an expiry date) belonging to the domain
example2.com?

If the browser allowed different sites to update cookies arbitrarily, it would
create a security issue, as it will allow sites to steal cookies from other
domains.

I don't see how that could work. In my scenario above, the example.com
page doing the requesting of the example2.com image, has no read or
write access to the cookies that the example2.com server and the browser
read and write during their file request exchange. It's only the
example2.com server that gets to know what the cookie value was (that it
effectively has ownership of) and it's the only one that gets to update
it. The example.com site has no knowledge of this going on and has no
particular way of influencing it.

**Stevo** · Aug 9 '08, 06:45 PM

Re: Cross-domain cookie updating ?

Jerry Stuckle wrote:

Stevo wrote:

>Jerry Stuckle wrote:

>>Stevo wrote:
>>>Jerry Stuckle wrote:
>>>>Stevo wrote:
>>>>>I'm guessing this is a laughably obvious answer to many here, but
>>>>>it's not to me (and I don't have a server or any knowledge of PHP
>>>>>to be able to try it). It's not strictly a PHP question, but
>>>>>somethin g that PHP guys would know the answer to. I can't think of
>>>>>a more appropriate forum to try. I've heard the ASP and JSP guys
>>>>>aren't as friendly ;-)
>>>>>>
>>>>>Let's say we have a HTML page from domain example.com, and that
>>>>>HTML page makes a request to example.com to return a JavaScript
>>>>>file. The request for that file automatically (by the browser) has
>>>>>cookie information in the request header. If the file being
>>>>>returned has updated cookie information in the response header,
>>>>>then I imagine the cookies for example.com get updated (again
>>>>>automatica lly by the browser). This is how I imagine things are
>>>>>working based on what I've read. I've never been involved in
>>>>>server-side scripting, only client-side updating of cookies. But I
>>>>>believe updated cookies in the response header does cause cookie
>>>>>updating .
>>>>>>
>>>>>So my main question is, what if that scenario above is slightly
>>>>>differen t. What if the JS file it's requesting is actually to a
>>>>>differen t unrelated domain server (example2.com) that's going to
>>>>>return a JavaScript file with updated cookies in the response
>>>>>header. Will the browser correctly update the example2.com domain
>>>>>cookies ? Or will it think it's the example.com cookies that want
>>>>>to update (because JS files get included in the context of the
>>>>>page they're on, which is of course in the domain example.com).
>>>>>>
>>>>>
>>>>You're right - it's not a PHP question. Try a javascript newsgroup.
>>>>
>>>It's certainly not a JavaScript question, there's no JavaScript
>>>being executed here. It's a server-side scripters' question.
>>>Something a PHP programmer would do. I'll ask on a JSP or ASP forum
>>>then.
>>>>
>>>
>>There is no server side scripting involved in this. It is strictly
>>between the server and the browser. It works the same way whether
>>you're dealing with a .php file or a simple .html file.

>>
>I know. That's why I said right up front it's not a scripting
>question, but it IS the type of question that a server-side scripter
>is more likely to be familiar with. After all, you s-s- scripter guys
>do make calls to addCookie (which adds a Set-Cookie to the response
>header), and that tells the browser to set the cookie value.
>>

>>I suggested a javascript newsgroup because even if you do fetch the
>>file from another server, you're going to have other security issues
>>when you execute the javascript.

>>
>You've latched onto this idea of JavaScript being executed again.
>Would it help if it's an image I'm requesting? The question is the
>same ... "if I request an image from another domain and the response
>has a Set-Cookie in it, will it set the cookie in that other domain?".
>>

>
You talked about requesting a js file - which is entirely different than
requesting an image file.

Sorry, I should have used an image in my original example. The main
point is, it's a request for a web asset of some kind, and the server
gets to set a cookie in the response. As far as I was aware, the only
way a server can set a cookie in the response is by using server-side
scripting (like PHP for example).

But in either case, scripting has NOTHING to do with your request. It
can all be done from straight HTML documents.

Oh cool, how do I do that exactly? I have access to a couple of
different domain servers so I could setup the test. I imagine the only
way I can achieve it by using HTML files is to use AJAX calls, otherwise
what type of container would I load the HTML file into? If I were to put
it in an iframe, then it wouldn't be a valid test, it wouldn't be
cross-domain. Where can I get to set a cookie in a HTML page without
using client-side scripting?

**Jerry Stuckle** · Aug 9 '08, 07:55 PM

Re: Cross-domain cookie updating ?

Stevo wrote:

Jerry Stuckle wrote:

>Stevo wrote:

>>Jerry Stuckle wrote:
>>>Stevo wrote:
>>>>Jerry Stuckle wrote:
>>>>>Stevo wrote:
>>>>>>I'm guessing this is a laughably obvious answer to many here, but
>>>>>>it's not to me (and I don't have a server or any knowledge of PHP
>>>>>>to be able to try it). It's not strictly a PHP question, but
>>>>>>somethi ng that PHP guys would know the answer to. I can't think
>>>>>>of a more appropriate forum to try. I've heard the ASP and JSP
>>>>>>guys aren't as friendly ;-)
>>>>>>>
>>>>>>Let's say we have a HTML page from domain example.com, and that
>>>>>>HTML page makes a request to example.com to return a JavaScript
>>>>>>file. The request for that file automatically (by the browser)
>>>>>>has cookie information in the request header. If the file being
>>>>>>returne d has updated cookie information in the response header,
>>>>>>then I imagine the cookies for example.com get updated (again
>>>>>>automatic ally by the browser). This is how I imagine things are
>>>>>>working based on what I've read. I've never been involved in
>>>>>>server-side scripting, only client-side updating of cookies. But
>>>>>>I believe updated cookies in the response header does cause
>>>>>>cookie updating.
>>>>>>>
>>>>>>So my main question is, what if that scenario above is slightly
>>>>>>different . What if the JS file it's requesting is actually to a
>>>>>>differe nt unrelated domain server (example2.com) that's going to
>>>>>>return a JavaScript file with updated cookies in the response
>>>>>>header. Will the browser correctly update the example2.com domain
>>>>>>cookies ? Or will it think it's the example.com cookies that want
>>>>>>to update (because JS files get included in the context of the
>>>>>>page they're on, which is of course in the domain example.com).
>>>>>>>
>>>>>>
>>>>>You're right - it's not a PHP question. Try a javascript newsgroup.
>>>>>
>>>>It's certainly not a JavaScript question, there's no JavaScript
>>>>being executed here. It's a server-side scripters' question.
>>>>Something a PHP programmer would do. I'll ask on a JSP or ASP forum
>>>>then.
>>>>>
>>>>
>>>There is no server side scripting involved in this. It is strictly
>>>between the server and the browser. It works the same way whether
>>>you're dealing with a .php file or a simple .html file.
>>>
>>I know. That's why I said right up front it's not a scripting
>>question, but it IS the type of question that a server-side scripter
>>is more likely to be familiar with. After all, you s-s- scripter guys
>>do make calls to addCookie (which adds a Set-Cookie to the response
>>header), and that tells the browser to set the cookie value.
>>>
>>>I suggested a javascript newsgroup because even if you do fetch the
>>>file from another server, you're going to have other security issues
>>>when you execute the javascript.
>>>
>>You've latched onto this idea of JavaScript being executed again.
>>Would it help if it's an image I'm requesting? The question is the
>>same ... "if I request an image from another domain and the response
>>has a Set-Cookie in it, will it set the cookie in that other domain?".
>>>

>>
>You talked about requesting a js file - which is entirely different
>than requesting an image file.

>
Sorry, I should have used an image in my original example. The main
point is, it's a request for a web asset of some kind, and the server
gets to set a cookie in the response. As far as I was aware, the only
way a server can set a cookie in the response is by using server-side
scripting (like PHP for example).
>

>But in either case, scripting has NOTHING to do with your request. It
>can all be done from straight HTML documents.

>
Oh cool, how do I do that exactly? I have access to a couple of
different domain servers so I could setup the test. I imagine the only
way I can achieve it by using HTML files is to use AJAX calls, otherwise
what type of container would I load the HTML file into? If I were to put
it in an iframe, then it wouldn't be a valid test, it wouldn't be
cross-domain. Where can I get to set a cookie in a HTML page without
using client-side scripting?
>
>

Learn html, among other things. And AJAX calls are javascript, not PHP.

This is not your own personal help group for anything you wish to
discuss. This is a PHP newsgroup for discussing PHP code. That's why
it's called comp.lang.PHP.

Before you post questions in a newsgroup, it is YOUR responsibility to
do a little diagnosis and post in the appropriate newsgroup. No, you
won't get it right all the time - sometimes the clues will initially
point one way but then go somewhere else.

But in this case it should be obvious to anyone. There has been NOTHING
in ANY of your posts relating to PHP code. That's a pretty good
indication it doesn't belong in this newsgroup.

And if you can't figure out where you should be asking, perhaps you need
to hire someone to help you out.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Stevo** · Aug 9 '08, 08:35 PM

Re: Cross-domain cookie updating ?

Jerry Stuckle wrote:

Stevo wrote:

>Jerry Stuckle wrote:

>>Stevo wrote:
>>>Jerry Stuckle wrote:
>>>>Stevo wrote:
>>>>>Jerry Stuckle wrote:
>>>>>>Stevo wrote:
>>>>>>>I'm guessing this is a laughably obvious answer to many here,
>>>>>>>but it's not to me (and I don't have a server or any knowledge
>>>>>>>of PHP to be able to try it). It's not strictly a PHP question,
>>>>>>>but something that PHP guys would know the answer to. I can't
>>>>>>>think of a more appropriate forum to try. I've heard the ASP and
>>>>>>>JSP guys aren't as friendly ;-)
>>>>>>>>
>>>>>>>Let's say we have a HTML page from domain example.com, and that
>>>>>>>HTML page makes a request to example.com to return a JavaScript
>>>>>>>file. The request for that file automatically (by the browser)
>>>>>>>has cookie information in the request header. If the file being
>>>>>>>return ed has updated cookie information in the response header,
>>>>>>>then I imagine the cookies for example.com get updated (again
>>>>>>>automati cally by the browser). This is how I imagine things are
>>>>>>>workin g based on what I've read. I've never been involved in
>>>>>>>server-side scripting, only client-side updating of cookies. But
>>>>>>>I believe updated cookies in the response header does cause
>>>>>>>cookie updating.
>>>>>>>>
>>>>>>>So my main question is, what if that scenario above is slightly
>>>>>>>differen t. What if the JS file it's requesting is actually to a
>>>>>>>differen t unrelated domain server (example2.com) that's going to
>>>>>>>return a JavaScript file with updated cookies in the response
>>>>>>>header . Will the browser correctly update the example2.com
>>>>>>>domain cookies ? Or will it think it's the example.com cookies
>>>>>>>that want to update (because JS files get included in the
>>>>>>>contex t of the page they're on, which is of course in the domain
>>>>>>>example. com).
>>>>>>>>
>>>>>>>
>>>>>>You're right - it's not a PHP question. Try a javascript newsgroup.
>>>>>>
>>>>>It's certainly not a JavaScript question, there's no JavaScript
>>>>>being executed here. It's a server-side scripters' question.
>>>>>Somethin g a PHP programmer would do. I'll ask on a JSP or ASP
>>>>>forum then.
>>>>>>
>>>>>
>>>>There is no server side scripting involved in this. It is strictly
>>>>between the server and the browser. It works the same way whether
>>>>you're dealing with a .php file or a simple .html file.
>>>>
>>>I know. That's why I said right up front it's not a scripting
>>>question, but it IS the type of question that a server-side scripter
>>>is more likely to be familiar with. After all, you s-s- scripter
>>>guys do make calls to addCookie (which adds a Set-Cookie to the
>>>response header), and that tells the browser to set the cookie value.
>>>>
>>>>I suggested a javascript newsgroup because even if you do fetch the
>>>>file from another server, you're going to have other security
>>>>issues when you execute the javascript.
>>>>
>>>You've latched onto this idea of JavaScript being executed again.
>>>Would it help if it's an image I'm requesting? The question is the
>>>same ... "if I request an image from another domain and the response
>>>has a Set-Cookie in it, will it set the cookie in that other domain?".
>>>>
>>>
>>You talked about requesting a js file - which is entirely different
>>than requesting an image file.

>>
>Sorry, I should have used an image in my original example. The main
>point is, it's a request for a web asset of some kind, and the server
>gets to set a cookie in the response. As far as I was aware, the only
>way a server can set a cookie in the response is by using server-side
>scripting (like PHP for example).
>>

>>But in either case, scripting has NOTHING to do with your request.
>>It can all be done from straight HTML documents.

>>
>Oh cool, how do I do that exactly? I have access to a couple of
>different domain servers so I could setup the test. I imagine the only
>way I can achieve it by using HTML files is to use AJAX calls,
>otherwise what type of container would I load the HTML file into? If I
>were to put it in an iframe, then it wouldn't be a valid test, it
>wouldn't be cross-domain. Where can I get to set a cookie in a HTML
>page without using client-side scripting?
>>
>>

>
Learn html, among other things. And AJAX calls are javascript, not PHP.

Well Duh!

This is not your own personal help group for anything you wish to
discuss. This is a PHP newsgroup for discussing PHP code. That's why
it's called comp.lang.PHP.

It's also not your personal help group to tell people what it's not.

But in this case it should be obvious to anyone. There has been NOTHING
in ANY of your posts relating to PHP code. That's a pretty good
indication it doesn't belong in this newsgroup.

Well Duh ! That's why I said in the very first post that it's not a PHP
question, but something that people (P E O P L E) who do PHP would
probably know about (you excluded).

If you don't want to be helpful you can keep your opinions to yourself.

**Jerry Stuckle** · Aug 9 '08, 09:15 PM

Re: Cross-domain cookie updating ?

Stevo wrote:

Jerry Stuckle wrote:

>Stevo wrote:

>>Jerry Stuckle wrote:
>>>Stevo wrote:
>>>>Jerry Stuckle wrote:
>>>>>Stevo wrote:
>>>>>>Jerry Stuckle wrote:
>>>>>>>Stevo wrote:
>>>>>>>>I'm guessing this is a laughably obvious answer to many here,
>>>>>>>>but it's not to me (and I don't have a server or any knowledge
>>>>>>>>of PHP to be able to try it). It's not strictly a PHP question,
>>>>>>>>but something that PHP guys would know the answer to. I can't
>>>>>>>>think of a more appropriate forum to try. I've heard the ASP
>>>>>>>>and JSP guys aren't as friendly ;-)
>>>>>>>>>
>>>>>>>>Let's say we have a HTML page from domain example.com, and that
>>>>>>>>HTML page makes a request to example.com to return a JavaScript
>>>>>>>>file. The request for that file automatically (by the browser)
>>>>>>>>has cookie information in the request header. If the file being
>>>>>>>>returne d has updated cookie information in the response header,
>>>>>>>>then I imagine the cookies for example.com get updated (again
>>>>>>>>automat ically by the browser). This is how I imagine things are
>>>>>>>>worki ng based on what I've read. I've never been involved in
>>>>>>>>serve r-side scripting, only client-side updating of cookies.
>>>>>>>>But I believe updated cookies in the response header does cause
>>>>>>>>cooki e updating.
>>>>>>>>>
>>>>>>>>So my main question is, what if that scenario above is slightly
>>>>>>>>differe nt. What if the JS file it's requesting is actually to a
>>>>>>>>differe nt unrelated domain server (example2.com) that's going
>>>>>>>>to return a JavaScript file with updated cookies in the
>>>>>>>>respons e header. Will the browser correctly update the
>>>>>>>>example 2.com domain cookies ? Or will it think it's the
>>>>>>>>example .com cookies that want to update (because JS files get
>>>>>>>>include d in the context of the page they're on, which is of
>>>>>>>>cours e in the domain example.com).
>>>>>>>>>
>>>>>>>>
>>>>>>>You're right - it's not a PHP question. Try a javascript
>>>>>>>newsgrou p.
>>>>>>>
>>>>>>It's certainly not a JavaScript question, there's no JavaScript
>>>>>>being executed here. It's a server-side scripters' question.
>>>>>>Somethi ng a PHP programmer would do. I'll ask on a JSP or ASP
>>>>>>forum then.
>>>>>>>
>>>>>>
>>>>>There is no server side scripting involved in this. It is
>>>>>strictly between the server and the browser. It works the same
>>>>>way whether you're dealing with a .php file or a simple .html file.
>>>>>
>>>>I know. That's why I said right up front it's not a scripting
>>>>question, but it IS the type of question that a server-side
>>>>scripter is more likely to be familiar with. After all, you s-s-
>>>>scripter guys do make calls to addCookie (which adds a Set-Cookie
>>>>to the response header), and that tells the browser to set the
>>>>cookie value.
>>>>>
>>>>>I suggested a javascript newsgroup because even if you do fetch
>>>>>the file from another server, you're going to have other security
>>>>>issues when you execute the javascript.
>>>>>
>>>>You've latched onto this idea of JavaScript being executed again.
>>>>Would it help if it's an image I'm requesting? The question is the
>>>>same ... "if I request an image from another domain and the
>>>>response has a Set-Cookie in it, will it set the cookie in that
>>>>other domain?".
>>>>>
>>>>
>>>You talked about requesting a js file - which is entirely different
>>>than requesting an image file.
>>>
>>Sorry, I should have used an image in my original example. The main
>>point is, it's a request for a web asset of some kind, and the server
>>gets to set a cookie in the response. As far as I was aware, the only
>>way a server can set a cookie in the response is by using server-side
>>scripting (like PHP for example).
>>>
>>>But in either case, scripting has NOTHING to do with your request.
>>>It can all be done from straight HTML documents.
>>>
>>Oh cool, how do I do that exactly? I have access to a couple of
>>different domain servers so I could setup the test. I imagine the
>>only way I can achieve it by using HTML files is to use AJAX calls,
>>otherwise what type of container would I load the HTML file into? If
>>I were to put it in an iframe, then it wouldn't be a valid test, it
>>wouldn't be cross-domain. Where can I get to set a cookie in a HTML
>>page without using client-side scripting?
>>>
>>>

>>
>Learn html, among other things. And AJAX calls are javascript, not PHP.

>
Well Duh!
>

>This is not your own personal help group for anything you wish to
>discuss. This is a PHP newsgroup for discussing PHP code. That's why
>it's called comp.lang.PHP.

>
It's also not your personal help group to tell people what it's not.
>

>But in this case it should be obvious to anyone. There has been
>NOTHING in ANY of your posts relating to PHP code. That's a pretty
>good indication it doesn't belong in this newsgroup.

>
Well Duh ! That's why I said in the very first post that it's not a PHP
question, but something that people (P E O P L E) who do PHP would
probably know about (you excluded).
>
If you don't want to be helpful you can keep your opinions to yourself.
>

Why don't you quit being a jackass and post your questions in an
appropriate newsgroup.

Read the charter for this newsgroup (all comp.* newsgroups have one).
It states this is for PHP questions.

But then there are always idiots who think the guidelines don't apply to
them.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Stevo** · Aug 9 '08, 09:35 PM

Re: Cross-domain cookie updating ?

Jerry Stuckle wrote:

Why don't you quit being a jackass and post your questions in an
appropriate newsgroup.

As I said, there isn't really an appropriate newsgroup.

**Jerry Stuckle** · Aug 9 '08, 09:45 PM

Re: Cross-domain cookie updating ?

Stevo wrote:

Jerry Stuckle wrote:

>Why don't you quit being a jackass and post your questions in an
>appropriate newsgroup.

>
As I said, there isn't really an appropriate newsgroup.
>

Check again. Once you define the problem properly, you'll find a much
better newsgroup.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Cross-domain cookie updating ?

Cross-domain cookie updating ?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment