Reputation: 14454
Reading cookies across different hosts
I have two sites - both are my projects. On site two, I need to check if the user is logged in on site one. I suppose to do this I should just create a script that puts a cookie into the body of an iframe and then read the iframe contents on site two. But I can't.
Here is a code I made for testing purposes:
http://jsbin.com/oqaza/edit
I got an error, that says:
"Permission denied for <http://jsbin.com> to get property HTMLDocument.nodeType from <http://www.google.com>."
Upvotes: 0
Views: 1874
Answers (3)
Reputation: 14454
I finally got it. Generally there is solution like "OpenID" (used even here on SO), but I discovered, that JSONP is easiest way to read cookies across domain :)
Upvotes: 0
Reputation: 8273
As others have mentioned, using cookies is not a good option due to security concerns. You could do it by punting a logged in user back to the other site, checking the cookie, and punting them back to the page they were on with a query string indicating status, but this is clunky to say the least.
A better way would be to create a web service (or an MVC JsonResult if you are into .Net MVC) on site1 that can respond to an AJAX request from site2 regarding login status.
Upvotes: 0
Reputation: 344497
Iframe documents are subject to the Same Origin Policy - you can't access content on one host from a page on another host. The same is true of AJAX requests.
For modern browsers, one solution is Cross Document Messaging.
Upvotes: 1
Related Questions
- Reading a cookie from a different domain
- Unable to access httponly flagged cookie on own domain loaded in iframe
- Read IFrame cookie
- Reading Javascript Cookies from a subdomain
- Restrict iframe cookies based on host domain
- Setting Cookie on Ajax request to outside domain
- How to retrieve a cookie from a different domain
- Need to access cookie cross website
- Reading Cookie from a different domain?
- duplicating cookies to another domain