Reading third-party cookies in JavaScript and on the server

If there is a cookie bar=1 in the foo.com domain, a cookie was placed when the domain was visited as the first party. (So, assumption: a cookie already exists, not a session cookie, not HTTP-only, a cookie with root "/". This question is not about cookies, but reading.)

In addition, the browser has third-party cookies disabled and no other plugins, just a clean installed browser with third-party cookies disabled. There is no P3P header on foo.com.

Under the above condition, my questions are:

If foo.com/somepage.html was placed in an iframe in another domain (third party)

  • Will the browser send cookie bar=1 to the server when reading the page?
  • Can JavaScript read cookie bar=1 on the page?
  • Do I expect a difference in browser over two scenarios?

Additional question

I do not need an answer because I do not use this script, but it is interesting to know.

Will the browser update the cookie (just like writing) in the above state, if reading is possible (and the old cookie exists, just need an update (and not a new record))?

+4
1 answer

1.) Will the browser send cookie bar=1 to the server when reading the page?

Yes.

2.) Can JavaScript read cookie bar=1 on the page?

It depends on whether it is a session cookie (created using HttpOnly). If this is a session cookie, you cannot read it with JavaScript. It will be sent to the server on foo.com, though, and the server-side script will be able to read it.

3.) Do I expect a difference in browser over two scenarios?

No.

Of course, all of the above applies to the foo.com domain inside the iframe. The HTML page and server have 0 access to this cookie.

+2
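
An added example, not part of the original question or answer: one way to measure both questions for a single page load is to record what the foo.com server received in the `Cookie` header and what script inside the framed page can see in `document.cookie`, then compare. The function names are hypothetical, `bar` is the cookie name from the question, and the browser's `window` and `document` are passed in as parameters so the logic can be exercised outside a browser.

```javascript
// Parse a "name=value; name2=value2" string. Both the Cookie request header
// and document.cookie use this format.
function parseCookiePairs(raw) {
  const jar = new Map();
  for (const part of (raw || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                  // skip empty or malformed pieces
    const name = part.slice(0, eq).trim();
    if (name && !jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Client side: run inside foo.com/somepage.html with the real window/document.
function clientView(win, doc, name) {
  let framed;
  try { framed = win.self !== win.top; } catch (e) { framed = true; }
  return { framed, scriptSees: parseCookiePairs(doc.cookie).has(name) };
}

// Server side: inspect the Cookie header that arrived with the page request.
function serverView(cookieHeader, name) {
  return { serverSees: parseCookiePairs(cookieHeader).has(name) };
}

// Combine both observations for one page load.
function classify(client, server) {
  if (server.serverSees && client.scriptSees) return 'sent and script-readable';
  if (server.serverSees) return 'sent, hidden from script (e.g. HttpOnly)';
  if (client.scriptSees) return 'script-readable, not sent on this request';
  return 'not sent and not readable';
}
```

Running the same comparison once with the page loaded top-level and once inside the iframe, in each browser of interest, answers the third question empirically.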