[ale] Cookies
Phil Turmel
philip at turmel.org
Fri Apr 26 16:44:40 EDT 2013
On 04/26/2013 03:29 PM, Geoffrey Myers wrote:
> So, still wrestling with this. Scenario:
>
> 1. Frame of page creates a cookie. Another frame in that page retrieves all cookies, does not see the new cookie.
>
> 2. Totally separate page on another tab creates a cookie. Both frames of other tab see this cookie.
>
> Why aren't the cookies created in frame 1 seen by frame 2?
>
> 2nd tab does not see the cookie created by first frame either.
>
> Cookies are not page specific. What is going on?
This isn't correct. The 'path' component of a cookie makes it at least
partially page-specific, and the domain of the cookie triggers many
visibility restrictions. Some of those are explained in the
specification, but other restrictions have been added to browsers to
limit cross-site hacks.
Short of letting others look at the pages in question, it will probably
be difficult to help. At least a trace of the request and response
headers for each page and frame would be needed.
(I'm definitely not an expert on these topics, but I can spot some of
the common flaws if they are staring me in the face.)
Phil
More information about the Ale
mailing list