CODEWITHSUNDEEP
cookiescross-domainjsonp
Shpat
Shpat

Reputation: 502

how can I read cookies, that were set by domain A, from domain B via an inline javascript attached in domain B?

I'm trying to read cookies that were set by domain A (i know the name of the cookies), from domain B via an inline javascript code placed in domain B.

domain B inline javascript code:

<script type="text/javascript">
        /* * * DON'T EDIT BELOW THIS LINE * * */
        (function() {
            var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
            dsq.src = 'http://domainA.com/classifiead/embed.js';
            (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
        })();

    </script>

http://domainA.com/classifiead/embed.js contains:

     $("#jsonpbtn2").click(function() {

   var url = 'http://domainA.com/classifiead/content2.php?callback=?'; 
  //  var id = info;
   $.getJSON(url, null, function(data) {
                 $('#textDiv').append(data.somecookie);
     });
});

http://domainA.com/classifiead/content2.php contains:

<?php 
 header('Content-type: application/json');
 header('Access-Control-Allow-Origin: *');
 header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
 header("Access-Control-Allow-Credentials: true");
 header("Access-Control-Allow-Headers: Content-Type, *");
 header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

 $rtnjsonobj->id = 'test skdfbslkdj';
 $rtnjsonobj->somecookie =$_COOKIE['thisweb_last_75'];
echo $_GET['callback']. '('. json_encode($rtnjsonobj) . ')';

?>

Is this even possible?

Upvotes: 0

Views: 282

Answers (1)

freedev
freedev

Reputation: 30087

Yes, if you have code executing server side on domain A. When your JavaScript code receive the cookie from domain A, then you can send the cookie to domain B.

If the cookie is a secure cookie or httponly, you can only read it via your server side script.

I suggest you to read this: http://en.wikipedia.org/wiki/HTTP_cookie#Cross-site_scripting_.E2.80.93_cookie_theft

Please pay attention: in your example you should create the object before assign properties. For example:

$rtnjsonobj = new stdClass();
$rtnjsonobj->id = 'test skdfbslkdj';
$rtnjsonobj->somecookie =$_COOKIE['thisweb_last_75'];

Upvotes: 1

Related Questions