Getting setting cookies on different domains, with javascript or other

Question

Haven't been able to find anything particular to this situation online so here i go... I need to set/get the cookies stored at "first.com" while browsing "second.com", I have full access of "first.com" but i only have javascript access (can manipulate the DOM as i want) on "second.com".

My first approach was to create an iframe on second.com (with js) that loaded a page like "first.com/doAjax?setCookie=xxx" and that did an ajax call to say "first.com/setCookie?cookieData=xxx" which would set the cookie on "first.com" with the data we passed around.

That pretty much worked fine for setting the cookie on first.com from second.com - for getting a cookie I basically followed the same procedure, created the iframe that loaded "first.com/doAjax?getCookie" and that would do an ajax call to say "first.com/getCookie" which would read the cookie info on first.com and return it as a JSON object.

The problem is that I'm unable to bring that JSON cookie object back to "second.com" so I can read it, well maybe i could just bring it when the Ajax call is complete using "window.top" but there's timing issues because its not relative to when the iframe has been loaded. I hope i am clear and was wondering if there's an easier solution rather than this crazy iframe->ajax crap, also seems like this wont even work for getting cookies in SAFARI.

Answer 1

You could inject a script element into HEAD of the document with a callback that passes the cookie you need to whatever function needs it.

Something like:

 <script type="text/javascript">
   var newfile=document.createElement('script');
   newfile.setAttribute("type","text/javascript");
   newfile.setAttribute("src", 'http://first.com/doAjax?getCookie&callback=passCookie');
   document.getElementsByTagName("head")[0].appendChild(newfile);
 </script>

And the page first.com/doAjax?getCookie could do this:

     passCookie({'name':'mycookie', 'value':'myvalue'});

Answer 2

Put this PHP-File to first.com:

//readcookie.php    
echo $_COOKIE['cookiename'];

On second.com you can use this javascript to get the value:

function readCookieCallback()
{
   if ((this.readyState == 4) && (this.status == 200))
   {
     alert("the value of the cookie is: "+this.responseText);
   } 
   else if ((this.readyState == 4) && (this.status != 200))
   {
     //error...
   }
}


function buttonClickOrAnything()
{
  var refreshObject = new XMLHttpRequest();
  if (!refreshObject)
  {
    //IE6 or older
    try
    {
      refreshObject = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
      try
      {
        refreshObject = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (e)
      {
        return;
      }
    }
  }
  refreshObject.onreadystatechange = readCookieCallback;
  refreshObject.open("GET", "http://www.first.com/readcookie.php");
  refreshObject.send();
}

Regards, Robert

Answer 3

For SETTING cookies you can change my script as follows:

The new PHP-Script:

//writecookie.php
setcookie($_GET['c'], $_GET['v']);

And the JavaScript:

function buttonClickOrAnything()
{
  var refreshObject = new XMLHttpRequest();
  if (!refreshObject)
  {
    //IE6 or older
    try
    {
      refreshObject = new ActiveXObject("Msxml2.XMLHTTP");
    }
    catch (e)
    {
      try
      {
        refreshObject = new ActiveXObject("Microsoft.XMLHTTP");
      }
      catch (e)
      {
        return;
      }
    }
  }
  refreshObject.open("GET", "http://www.first.com/writecookie.php?c=cookiename&v=cookievalue");
  refreshObject.send();
}

That should work on all browsers.