Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can a 3rd party js script write cookies?

Tags:

javascript

cookies

Is it possible for a 3rd party script to write cookies to the user's computer?

For example, if affiliate.example.org includes:

<script type="text/javascript" src="http://me.example.com/cookiemonster.js"></script>

I want to provide an affiliate with a script, to hopefully write a cookie on their clients' machines; ideally we would want to control the script ourselves. However, before trying this, I just thought I would see if it is even possible.

Of course, the other option would be for us to provide the actual script for the affiliate to put directly onto their site.

like image 496
John Avatar asked Oct 05 '12 13:10

John

People also ask

Can JavaScript access third party cookies?

Third-party cookies work by embedding JavaScript from one website into another. This enables them to transfer the habits of a user across multiple websites. Third-party cookies accumulate data gathered between browsing sessions and map a clear picture of the user.

Can scripts read cookies?

Cookie data is automatically transmitted between the web browser and web server, so CGI scripts on the server can read and write cookie values that are stored on the client. As we'll see, JavaScript can also manipulate cookies using the cookie property of the Document object.

What is a 3rd party cookie?

A third-party cookie is placed on a website by someone other than the owner (a third party) and collects user data for the third party. As with standard cookies, third-party cookies are placed so that a site can remember something about the user at a later time.

2 Answers

Yes, third party scripts can write cookies, and they will appear to belong to the domain of the page itself.

You can see this if you examine the cookies of any site using Google Analytics - the content comes from a third party (Google) but the _utm prefix cookies will be on the hosting site's domain.

To write third-party cookies (i.e. where the cookie is on the domain of the third party) requires that the cookies be sent in the headers of a download from that third party, and not written by JS code.

like image 124
Alnitak Avatar answered Sep 24 '22 00:09

Alnitak

What happenned when you tested it?

(yes, if the browser/user permits, it will record a cookie - but the domain of the cookie is determined by the domain the script was loaded from).

like image 26
symcbean Avatar answered Sep 22 '22 00:09

symcbean
Sign in to Comment

Related questions

JS - jQuery inarray ignoreCase() and contains()
set the first radio button is checked in handlebars template
Node JS require without var
node.js - attaching event handlers on time
Difference between eval and setTimeout execute string code
Javascript Security: is storing sensitive data in a self invoking function more secure than cookies?
how to close jQuery tooltip
Leaflet: Circle behaving different from CircleMarker
How to Get args from SP.UI.ModalDialog?
preventing external page from redirecting MY (parent) page
best approach for testing javascript UI with jasmine [closed]
Winston logger names
Using chosen.js, how would I add images to the dropdown items?
Debugging TLS Client connection using node.js
Get List of jQuery UI themes - from an URL (same-origin-policy)
Garbage collection in JavaScript closures
How to get distance between two divs
How do I iterate over an IndexedDB objectStore using a condition on a non-key property?
Creating multiple droppable siblings that at positioned on top of eachother
What are appropriate starting points for converting video on canvas to a 3d mesh

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!