Monday, March 7, 2011

Can I use an <img> tag to send cookies across domains?

Look at this situation:

  1. www.websitea.com displays an img tag with a src attribute of www.websiteb.com/image.aspx?id=5 and style="display:none"
  2. www.websiteb.com returns a clear image, in addition to a cookie with a name of referrer and value of 5 (created server-side from validated querystring.)

Would the cookie be created on domain www.websitea.com or www.websiteb.com?

Currently I'm sure a series of redirects with querystrings and to achieve cross-domain cookies, but I came up with this image idea a little ago. I guess I could also use an iframe.

Thanks!

From stackoverflow
  • The cookie would be created for websiteb.com.

  • The cookie is created from the request to websiteb.com so yea... the cookie goes to websiteb scope

  • Check out: cross-domain-user-tracking

    Someone mentions using a 1x1 image for tracking across domains.

    Shawn Simon : I marked this the answer because it eventually solved my problem with IE6
  • Ok looks good. Tested in all browsers. Added a P3P tag for IE6, not sure if it was necessary though.

    <%@ Page Language="VB" %>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    <script runat="server">
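        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
            ' Send a P3P compact policy header with the response (added for IE6).
            Response.AddHeader("P3P", "CP=""CAO PSA OUR""")
            ' Accept the id only if it parses as an integer.
            Dim passedlocalizeID As String = Request.QueryString("id")
            Dim localizeID As Integer
            If passedlocalizeID IsNot Nothing AndAlso Int32.TryParse(passedlocalizeID, localizeID) Then
                ' Localizer is the poster's own class; its code is not shown in the post.
                Dim localizer As New Localizer
                localizer.LocalizeTo(localizeID)
            End If
        End Sub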
    </script>
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title>Redirecting . . .</title>
        <meta http-equiv="refresh" content="0;URL=/" />
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
        </div>
        </form>
    </body>
    </html>
    
  • You're on the right track. As others have mentioned, the cookie would be created for websiteb.com.

    To overcome issues with IE you'll probably need to add a Compact Privacy policy.

    Start here: http://msdn.microsoft.com/en-us/library/ms537342.aspx and Google for the rest.
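
The scoping rule the answers describe, as an added example that is not part of the original thread: a simplified JavaScript model of RFC 6265 cookie storage (no paths, expiry or public-suffix list; `storeCookie`, `wouldSend` and `domainMatch` are hypothetical names). It shows that a cookie's scope comes from the host that answered the image request, never from the embedding page, and that a response cannot assign a cookie to a foreign domain.

```javascript
// RFC 6265 domain-match: exact host or a subdomain of the cookie domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Decide how a browser stores a Set-Cookie header received from requestUrl.
// The embedding page's origin is deliberately not a parameter: it plays no part.
function storeCookie(requestUrl, setCookieHeader) {
  const host = new URL(requestUrl).hostname;
  const [pair, ...attrs] = setCookieHeader.split(";").map(s => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no name=value pair
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: host, hostOnly: true };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.trim().toLowerCase() === "domain" && v.trim() !== "") {
      const d = v.trim().replace(/^\./, "").toLowerCase();
      // A responder may only name its own host or a parent of it.
      if (!domainMatch(host, d)) return null;
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Would the stored cookie be attached to a request for targetUrl?
function wouldSend(cookie, targetUrl) {
  const host = new URL(targetUrl).hostname;
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed sample: the hidden image from the question, answered by websiteb.
const imageUrl = "http://www.websiteb.com/image.aspx?id=5";
const pixel = storeCookie(imageUrl, "referrer=5; Path=/");
const foreign = storeCookie(imageUrl, "referrer=5; Domain=websitea.com");
console.log(pixel, foreign);
```

Whether the browser accepts the cookie at all in a third-party context is a separate policy decision (the P3P check in older IE, SameSite and third-party cookie blocking in current browsers) that this model does not cover.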
