[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Cookies

On 04/26/2013 03:29 PM, Geoffrey Myers wrote:
> So, still wrestling with this. Scenario:
> 1. Frame of page creates a cookie. Another frame in that page retrieves all cookies, does not see the new cookie.
> 2. Totally separate page on another tab creates a cookie. Both frames of other tab see this cookie. 
> Why aren't the cookies created in frame 1 seen by frame 2?
> 2nd tab does not see the cookie created by first frame either. 
> Cookies are not page specific. What is going on?

This isn't correct.  The 'path' component of a cookie makes it at least
partially page-specific, and the domain of the cookie triggers many
visibility restrictions.  Some of those are explained in the
specification, but other restrictions have been added to browsers to
limit cross-site hacks.

Short of letting others look at the pages in question, it will probably
be difficult to help.   At least a trace of the request and response
headers for each page and frame would be needed.

(I'm definitely not an expert on these topics, but I can spot some of
the common flaws if they are staring me in the face.)