#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    95
    Rep Power
    0

    How to copy document.cookie for same application on different URLs


    Hi,

    Please could you advise how I can do the following:

    I have two sites; both sites use the same application ID, which is "30" as an example.

    First site URL: www.abc.com/?appId=30

    Second site URL: www.xyz.com/?appId=30


    I am opening both sites in the same browser but in different tabs.

    I need to copy cookies (the value of "document.cookie") from the first site to the second site whenever an action happens on site one.

    I noticed that the value of "document.cookie" is different and is not related at all. But when opening site number one twice in different tabs, "document.cookie" gets updated without any problem.

    Please could you advise? I would really appreciate it.

    Thanks a lot.
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,314
    Rep Power
    7171
    You can't do it directly. abc.com can never read or write cookies for xyz.com and vice versa.

    You would have to have the applications communicate on the back-end. For example, a change is made by the user on xyz.com. xyz.com sends a direct request to abc.com telling abc.com about the change. The next time the user sends a request to abc.com, then abc.com can modify the cookie with the change.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    95
    Rep Power
    0
    Originally Posted by E-Oreo
    You can't do it directly. abc.com can never read or write cookies for xyz.com and vice versa.

    You would have to have the applications communicate on the back-end. For example, a change is made by the user on xyz.com. xyz.com sends a direct request to abc.com telling abc.com about the change. The next time the user sends a request to abc.com, then abc.com can modify the cookie with the change.
    Thanks for your reply. Actually, I do not have usernames in my application. My application is a vote application and I want to prevent a person who voted from the same browser on site one from voting on the second site (both sites run the same vote). So please could you hint how to do that?

    How can the browser know that this person voted on the same vote on the first site, to prevent him from voting on the second site?

    Thanks.
  6. #4
  7. Nosey Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,680
    Rep Power
    9419
    Originally Posted by Moderns
    So please could you hint how to do that?
    He did:
    Originally Posted by E-Oreo
    You would have to have the applications communicate on the back-end. For example, a change is made by the user on xyz.com. xyz.com sends a direct request to abc.com telling abc.com about the change. The next time the user sends a request to abc.com, then abc.com can modify the cookie with the change.
    Originally Posted by Moderns
    How can the browser know that this person voted on the same vote on the first site, to prevent him from voting on the second site?
    The browser cannot - see Oreo's reply (again). And even if it could, you shouldn't trust the browser to do it right: it's under the control of the user, so they could bypass it and vote again.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    95
    Rep Power
    0
    Originally Posted by requinix
    He did:



    The browser cannot - see Oreo's reply (again). And even if it could, you shouldn't trust the browser to do it right: it's under the control of the user, so they could bypass it and vote again.
    Thanks, I do understand. My problem is that people who vote are anonymous! They do not have user names. I know that the same person can use more than one browser to vote more than one time, and they can delete cookies and vote again. I have no problem with that, as it is not a phone vote or a vote like Facebook where users have accounts.

    I was just curious if there is any method to detect cookies on the second site!

    Thanks a lot guys!
  10. #6
  11. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,314
    Rep Power
    7171
    You could identify users by IP address instead.

    It's also possible to grab the cookies from the other domain on the client side using JavaScript. For example, on abc.com you can do:
    Code:
    <script type="text/javascript" src="http://xyz.com/get_cookies.php"></script>
    Then on xyz.com/get_cookies.php:
    PHP Code:
    <?php /* $_COOKIE is PHP's cookie superglobal */ ?> var cookies = <?php echo json_encode(isset($_COOKIE['cookiename']) ? $_COOKIE['cookiename'] : null); ?>;
    The script will load with the cookie data populated in it. You can then have JavaScript on abc.com read that data and send it back to the abc.com server or do something else with it on the client side.

    You would need an equivalent setup to do it the other way.

    You could also do something similar to set cookies.

    However, make sure that you are very careful when doing something like this. Anyone or any site on the internet will be able to use those gateways to get and set cookies on your domain, which can be a massive security problem if you leave it too open. Never ever allow the user to specify the name of the cookie to get/set, and never get or set any important cookies (session cookies in particular).

    Neither method is foolproof, but there isn't a foolproof method of doing it. You can't uniquely identify a user without registration.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    95
    Rep Power
    0
    Originally Posted by E-Oreo
    You could identify users by IP address instead.

    It's also possible to grab the cookies from the other domain on the client side using JavaScript. For example, on abc.com you can do:
    Code:
    <script type="text/javascript" src="http://xyz.com/get_cookies.php"></script>
    Then on xyz.com/get_cookies.php:
    PHP Code:
    <?php /* $_COOKIE is PHP's cookie superglobal */ ?> var cookies = <?php echo json_encode(isset($_COOKIE['cookiename']) ? $_COOKIE['cookiename'] : null); ?>;
    The script will load with the cookie data populated in it. You can then have JavaScript on abc.com read that data and send it back to the abc.com server or do something else with it on the client side.

    You would need an equivalent setup to do it the other way.

    You could also do something similar to set cookies.

    However, make sure that you are very careful when doing something like this. Anyone or any site on the internet will be able to use those gateways to get and set cookies on your domain, which can be a massive security problem if you leave it too open. Never ever allow the user to specify the name of the cookie to get/set, and never get or set any important cookies (session cookies in particular).

    Neither method is foolproof, but there isn't a foolproof method of doing it. You can't uniquely identify a user without registration.
    Thanks a lot for your response. I really appreciate it. But:

    1. Do I need to refresh the browser to copy cookies? In my case, people might open the two sites and try to vote instantaneously, so what can we do in this case?

    2. How can I protect against the security risk you mentioned?

    Thanks
  14. #8
  15. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,904
    Rep Power
    6352
    There's an old adage for forums: Describe your problem. Do not ask how to do what you've decided is the answer.

    You've asked how to share cookies across domains. The answer is "you can't. You can fake it, but it's really dangerous."

    The actual question seems to be "how can I prevent people from voting multiple times on the same poll, even across sites?"

    The answer for that is to limit votes by IP address and/or username. Don't do cookies at all, they're unreliable.

    This won't stop someone from simply making multiple users or changing their IP, but it will help.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
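
The server-side approach suggested in the replies above (a shared back-end, votes limited by IP address), as an added example that is not code from any poster in this thread. It assumes both sites can reach one database; `VOTE_KEY_SECRET`, the `votes` table and `record_vote()` are hypothetical names, and the sample requests are constructed. The primary key also settles the case of two tabs voting at the same moment, because the database accepts only one of the two inserts.

```php
<?php
// Added example: one vote ledger on the back-end, shared by both sites.
// VOTE_KEY_SECRET, the table layout and record_vote() are hypothetical.
const VOTE_KEY_SECRET = 'replace-with-a-random-server-side-secret';

function open_ledger(string $dsn = 'sqlite::memory:'): PDO
{
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The primary key enforces "one vote per poll per address".
    $db->exec('CREATE TABLE IF NOT EXISTS votes (
        app_id    INTEGER NOT NULL,
        voter_key TEXT    NOT NULL,
        site      TEXT    NOT NULL,
        choice    TEXT    NOT NULL,
        PRIMARY KEY (app_id, voter_key)
    )');
    return $db;
}

// Returns true if the vote was stored, false if this address has already
// voted on this poll through either site.
function record_vote(PDO $db, int $appId, string $ip, string $site, string $choice): bool
{
    // Keep a keyed hash of the address instead of the raw address.
    $voterKey = hash_hmac('sha256', $appId . '|' . $ip, VOTE_KEY_SECRET);
    // INSERT OR IGNORE is SQLite syntax; other databases have equivalents.
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO votes (app_id, voter_key, site, choice)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$appId, $voterKey, $site, $choice]);
    // No row is inserted when the key already exists, so the duplicate check
    // happens atomically in the database rather than in PHP or the browser.
    return $stmt->rowCount() === 1;
}

// Constructed sample requests. In a real handler the address would come
// from $_SERVER['REMOTE_ADDR'] and the site from the receiving host.
$db = open_ledger();
$requests = [
    [30, '203.0.113.7',  'www.abc.com', 'yes'],
    [30, '203.0.113.7',  'www.xyz.com', 'no'],   // same address, other site
    [30, '198.51.100.9', 'www.xyz.com', 'no'],   // different address
];
foreach ($requests as [$appId, $ip, $site, $choice]) {
    $ok = record_vote($db, $appId, $ip, $site, $choice);
    printf("%s via %s: %s\n", $ip, $site, $ok ? 'accepted' : 'rejected');
}
```

Voters behind one shared address count as a single voter here, which is the trade-off the replies already point out for IP-based limits.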
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    95
    Rep Power
    0
    Originally Posted by ManiacDan
    There's an old adage for forums: Describe your problem. Do not ask how to do what you've decided is the answer.

    You've asked how to share cookies across domains. The answer is "you can't. You can fake it, but it's really dangerous."

    The actual question seems to be "how can I prevent people from voting multiple times on the same poll, even across sites?"

    The answer for that is to limit votes by IP address and/or username. Don't do cookies at all, they're unreliable.

    This won't stop someone from simply making multiple users or changing their IP, but it will help.
    Hi thanks..

    Actually, I did not understand the answer 100%; that's why I asked.

    Sorry for the inconvenience.
  18. #10
  19. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,904
    Rep Power
    6352
    What answer didn't you understand? Did someone on another forum tell you to share cookies between domains?
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2010
    Posts
    95
    Rep Power
    0
    Originally Posted by ManiacDan
    What answer didn't you understand? Did someone on another forum tell you to share cookies between domains?
    It is clear now. I only had doubts because both sites get fed from the same source (server).

    Thanks.
