Eric Yin

Reputation: 8993

Read Third Party Cookie in Javascript and Server

If a domain foo.com has a cookie bar=1, the cookie was placed when the domain was visited as a first party. (So, the assumption is: the cookie is already there, not a session cookie, not http-only, and set under the root path "/". This question is not about writing cookies; it is about reading.)

Also, the browser has third-party cookies disabled and no other plugins: just a cleanly installed browser with third-party cookies disabled. There is no P3P header on foo.com either.

Given the above conditions, my questions are:

When the page foo.com/somepage.html is placed in an iframe under a different domain (third party):

  1. Will the browser send the cookie bar=1 to the server when reading the page?
  2. Can the JavaScript in the page read the cookie bar=1?
  3. Should I expect any browser differences in the above two scenarios?

Additional Question

I do not need the answer because I do not use this scenario, but I am curious to know.

Will the browser update the cookie (much like a write) under the above conditions if reading is possible (and the old cookie is there and just needs an update, not a new write)?

Upvotes: 4

Views: 7143

Answers (1)

Darin Dimitrov

Reputation: 1038930

1.) Will the browser send the cookie bar=1 to the server when reading the page?

Yes.

2.) Can the JavaScript in the page read the cookie bar=1?

That will depend on whether or not it is a session cookie (created with the HttpOnly flag). If it is a session cookie you cannot read it from JavaScript. It will be sent to the server though on foo.com and a server-side script will be able to read it.

3.) Should I expect any browser differences in the above two scenarios?

No.

Of course all of the above apply to the foo.com domain inside the iframe. The containing HTML page and server have 0 access to this cookie.

Upvotes: 2
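
To check what a particular browser does in the scenario above, here is an added example that is not part of the question or the answer: a small Node.js probe meant to be served as foo.com/somepage.html, reporting whether the request carried `bar` and whether script in the page can see it. The names `serverView`, `renderPage` and the `COOKIE_PROBE_PORT` variable are hypothetical.

```javascript
// Added example: probe meant to be served as foo.com/somepage.html.
// serverView, renderPage and COOKIE_PROBE_PORT are hypothetical names.

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// What the server saw on this request (question 1).
function serverView(headers) {
  const cookies = parseCookies(headers.cookie);
  return {
    cookieSent: 'bar' in cookies,
    value: 'bar' in cookies ? cookies.bar : null,
    // Fetch Metadata headers; absent in browsers that do not send them.
    framed: headers['sec-fetch-dest'] === 'iframe',
    crossSite: headers['sec-fetch-site'] === 'cross-site',
  };
}

// Page whose inline script reports what document.cookie exposes (question 2).
// Only booleans are interpolated, never the cookie value, so nothing
// request-controlled reaches the HTML.
function renderPage(view) {
  return `<!doctype html><meta charset="utf-8"><pre id="out"></pre><script>
var seen = document.cookie.split('; ').some(function (c) { return c.indexOf('bar=') === 0; });
document.getElementById('out').textContent =
  'server received bar: ${view.cookieSent}\\n' +
  'request was a cross-site iframe load: ${view.framed && view.crossSite}\\n' +
  'script can read bar: ' + seen + '\\n' +
  'page is framed: ' + (window.top !== window.self);
</script>`;
}

// Start the probe only when a port is given, e.g. COOKIE_PROBE_PORT=8080.
if (typeof require === 'function' && process.env.COOKIE_PROBE_PORT) {
  require('http').createServer((req, res) => {
    res.setHeader('Content-Type', 'text/html; charset=utf-8');
    res.setHeader('Cache-Control', 'no-store');
    res.end(renderPage(serverView(req.headers)));
  }).listen(Number(process.env.COOKIE_PROBE_PORT));
}
```

Serve it under the cookie's domain, set bar=1 by visiting it directly, then load it in an iframe from a different site and compare the two "bar" lines.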
