user3615122
Reputation: 11
Reading cross domain cookie
Can javascript/JSF read a cookie from a different domain?
If i set a cookie in one domain say www.domain1.com. Can i read that cookie from a different domain www.domain2.com?
If yes, how?
I have tried below code but its not reading cookie value from mentioned URL i.e. http://host.example.com
public void getCookieUsingCookieHandler() {
try {
// Instantiate CookieManager;
// make sure to set CookiePolicy
CookieManager manager = new CookieManager();
manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(manager);
// get content from URLConnection;
// cookies are set by web site
URL url = new URL("http://host.example.com");
URLConnection connection = url.openConnection();
connection.getContent();
// get cookies from underlying
// CookieStore
CookieStore cookieJar = manager.getCookieStore();
List <HttpCookie> cookies =
cookieJar.getCookies();
for (HttpCookie cookie: cookies) {
System.out.println("CookieHandler retrieved cookie: " + cookie);
}
} catch(Exception e) {
System.out.println("Unable to get cookie using CookieHandler");
e.printStackTrace();
}
}
Upvotes: 1
Views: 2219
Answers (1)
jgitter
Reputation: 3414
This is completely insecure and not possible. epascarello hit it on the head. If you can read cookies from any domain, then you would be able to steal session cookies from users who just happened to open your web page.
Upvotes: 2
Related Questions
- Reading a cookie from a different domain
- How to add cookie in JSF?
- JSF Storing data into a cookie
- Javafx WebEngine read secured cookies
- Read cookies with JSTL
- Reading Cookie using bookmarklet
- Cookie not being read
- How to use cookies in JSF
- Get Cookies from ServletRequest
- Cross domain cookie reading/setting cross browsers