I was working on JSONP to send data from a cookie, from a domain A to a domain B. It works well, but my question is not here. I just realized that if I only put a script tag on my domain B pointing to my domain A, all the cookies of my domain A are set on my domain B.
Example: I put this tag on my domain B:
<script src="http://mydomainA.com/"></script>
Only with that, all the cookies of my domain A are set on my domain B.
My question is, is it normal? I thought cookies needed some hacks to be cross-domain, but I didn't think it was that easy.
Sorry for my bad English, and I apologize if my question is stupid or if it has been asked before.
Thanks in advance.
Cookies are simply headers in HTTP requests. When the browser requests
it receives an HTML document, which contains a <script> tag hosted on another domain. So it fires another request:
and it can certainly append cookies for domain b.com, if any. This means that the last time the browser contacted b.com, the HTTP response contained a header like
and so subsequent requests to the same domain will maintain the session. When the browser requests another resource to a.com such as
the cookie foobarbaz set by b.com will not be sent along with the request, so the scripts on a.com don't have access to data from b.com.
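The behaviour described in the answer above, as an added example that is not part of the original posts: a minimal cookie-jar model showing which Cookie header accompanies each request when a page on a.com embeds a script from b.com. It goes one step beyond the answer by honouring an explicit SameSite attribute; the cookie names, paths and the hostname-equals-site shortcut are assumptions, and a cookie without SameSite is treated as the answer describes (browsers that default to Lax would withhold it on the cross-site request).

```javascript
// Minimal cookie-jar model (added example; host-only cookies, no Domain/Path/expiry handling).
class CookieJar {
  constructor() { this.byHost = new Map(); } // host -> Map(name -> {value, sameSite})

  // Record a Set-Cookie header received in a response from `responseUrl`.
  setCookie(responseUrl, header) {
    const host = new URL(responseUrl).hostname;
    const [pair, ...attrs] = header.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return; // ignore a malformed cookie with no name
    let sameSite = null;
    for (const a of attrs) {
      const m = /^samesite=(strict|lax|none)$/i.exec(a);
      if (m) sameSite = m[1].toLowerCase();
    }
    if (!this.byHost.has(host)) this.byHost.set(host, new Map());
    this.byHost.get(host).set(pair.slice(0, eq), { value: pair.slice(eq + 1), sameSite });
  }

  // Cookie header attached to a subresource request (e.g. <script src>)
  // for `requestUrl`, issued by a page that was loaded from `pageUrl`.
  cookieHeader(requestUrl, pageUrl) {
    const host = new URL(requestUrl).hostname;
    // Assumption: "site" is approximated by exact hostname equality.
    const crossSite = host !== new URL(pageUrl).hostname;
    const out = [];
    for (const [name, c] of this.byHost.get(host) ?? []) {
      // Strict and Lax cookies are withheld from cross-site subresource requests.
      if (crossSite && (c.sameSite === "strict" || c.sameSite === "lax")) continue;
      out.push(`${name}=${c.value}`);
    }
    return out.join("; ");
  }
}

// Constructed sample using the answer's a.com / b.com and its foobarbaz value.
function demo() {
  const jar = new CookieJar();
  jar.setCookie("http://b.com/login", "session=foobarbaz");
  jar.setCookie("http://b.com/login", "csrf=tok123; SameSite=Lax");
  return {
    scriptOnB: jar.cookieHeader("http://b.com/script.js", "http://a.com/index.html"),
    resourceOnA: jar.cookieHeader("http://a.com/other.js", "http://a.com/index.html"),
    firstPartyB: jar.cookieHeader("http://b.com/script.js", "http://b.com/home"),
  };
}
```

The cookies travel to b.com with the request for its script; nothing is stored under or sent to a.com, and marking a session cookie SameSite=Lax or Strict keeps it off such cross-site script requests.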