Reputation: 197
There is a page on domain.com which includes JavaScript from server.com.
<script src="https://server.com/script.js"></script>
In this script I can easily set a cookie for domain.com:
$.cookie('name', {
    data: data
}, {
    path: '/',
    expires: 10,
    domain: 'domain.com'
});
I need to set a cookie on server.com and read it later. I read that I can set a third-party cookie if I load content from it. Why can't I set a cookie like below?
$.cookie('name', {
    data: data
}, {
    path: '/',
    expires: 10,
    domain: 'server.com'
});
Upvotes: 2
Views: 7073
Reputation: 707158
First off, it's important to understand the difference between a first party cookie and a 3rd party cookie.
A first party cookie is one that you are setting to the same domain as the current page. As long as cookies are enabled in the browser, you can set that cookie and you can read it back as long as the page you are on matches the domain of the cookie and the path set in the cookie is compatible with the path of the page you are on. No page from any other domain can read this cookie, ever.
A third party cookie is one that you set for a different domain than the domain of the page you are currently on. There is a separate security setting in browsers that determines whether you are even allowed to set 3rd party cookies or not. So, if you are on aaa.com, you can set a cookie that is for bbb.com pages. Even though you may be able to set a 3rd party cookie for a different domain such as bbb.com, you cannot read that bbb.com cookie from a page in aaa.com, ever. Only pages from bbb.com can read that cookie.
This capability is sometimes used for tracking purposes by ad services to help in tracking a given user across multiple domains. It can also be used to help share credentials across cooperating sites that use multiple domains.
It's important to understand that the distinction between a first party cookie and a third party cookie only exists at the moment some code is trying to set the cookie and that distinction is used to apply different security rules to the creation of the cookie. Once the cookie is created, it's the same as any other cookie. You can never read a cookie from some other domain and only cookies tagged with a domain that matches the current page domain are sent to that server or allowed to be read from that page via JavaScript. The notion of a 3rd party cookie is really just one specific situation where you are allowed to set a cookie for another domain. You can never read a cookie from another domain.
Upvotes: 22
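The following is an added example, not part of the original question or answer. It models the RFC 6265 domain-match rule a browser applies when a cookie is written, using the hosts from the question, to show why a script running in the domain.com page cannot write a cookie scoped to server.com while a Set-Cookie header on server.com's own response can. The function names (`domainMatch`, `acceptCookie`, `sentTo`) are hypothetical, and the model assumes no public-suffix list, IP-address hosts, or Path/Secure/SameSite handling.

```javascript
// Added example. Simplified model of RFC 6265 cookie scoping:
// no public-suffix list, no IP-address hosts, no Path/Secure/SameSite handling.

// Section 5.1.3: a host domain-matches a cookie domain when the two are
// identical or the host ends with "." + cookie domain.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// Section 5.3: settingHost is the page's host for document.cookie, or the
// request's host for a Set-Cookie response header. A Domain attribute that the
// setting host does not domain-match makes the browser ignore the cookie.
function acceptCookie(settingHost, domainAttr) {
  if (!domainAttr) {
    return { stored: true, domain: settingHost.toLowerCase(), hostOnly: true };
  }
  const d = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot ignored
  if (!domainMatch(settingHost, d)) return { stored: false };
  return { stored: true, domain: d, hostOnly: false };
}

// Section 5.4: a stored cookie is attached only to requests whose host matches.
function sentTo(cookie, requestHost) {
  if (!cookie.stored) return false;
  const h = requestHost.toLowerCase();
  return cookie.hostOnly ? h === cookie.domain : domainMatch(h, cookie.domain);
}

// Constructed scenarios with the question's hosts. script.js is fetched from
// server.com but runs inside the domain.com page, so the setting host for
// anything it writes through document.cookie is domain.com.
const scriptOwnDomain = acceptCookie('domain.com', 'domain.com');
const scriptOtherDomain = acceptCookie('domain.com', 'server.com');
// A Set-Cookie header on server.com's response that delivers script.js.
const serverResponse = acceptCookie('server.com', 'server.com');

console.log('script, domain=domain.com stored:', scriptOwnDomain.stored);
console.log('script, domain=server.com stored:', scriptOtherDomain.stored);
console.log('server.com response stored:', serverResponse.stored);
console.log('sent to server.com:', sentTo(serverResponse, 'server.com'));
console.log('sent to domain.com:', sentTo(serverResponse, 'domain.com'));
```

Whether the browser keeps the cookie from server.com's response in this cross-site context also depends on its third-party cookie settings, which this model does not cover.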