Ok Soo I have 3 Sites. All need to store a cookie that each site needs to be able to see.
I have a Single ASPX that stores this cookie for all 3 sites..
Basically On each page on the site there is a javascript that calls the ASPX and makes it store the cookie. If the ASPX is on one domain and im loading the aspx as an image, why does each site not write to the same cookie? Basically let me break it down this way.
X.com
y.com
z.com
all exist
y.com/cookiesave.aspx also exists. It writes a coookie called bob and sets it to a Guid if it doesn’t exist…
x.com, y.com, and z.com on all pages basically have a javascript that loads an image from y.com/cookiesave.aspx which returns a 1×1 transparent image.
Yet it doesn’t seem to see these cookies coming from y.com.
It still sees all three sites as saving and loading the cookie seperately. How the heck does it know if the script is on y.com only?
The protections that stop this are put in place by the browser makers to prevent cross site scripting attacks. If you have a legitimate goal then implement it in this way; use
x.my.com,y.my.comandz.my.comand set your cookie(s) formy.comand not for each one.Also note: The protections against this kind of action are not just stopped by the browser, there are also security gateways, firewalls, etc that look for this behavior because it is assumed to be an attack. Unless you are performing an attack do it the way I suggest. Oh, and don’t perform an attack — if that is what you are thinking of doing.