I was working on JSONP to send data from a cookie, from a domain A to a domain B. It works well, but my question is not here. I just realized that if I only put a script tag on my domain B pointing to my domain A, all the cookies of my domain A are set on my domain B.
Example: I put this tag on my domain B:

    <script src="http://mydomainA.com/"></script>

Only with that, all the cookies of my domain A are set on my domain B. My question is, is it normal? I thought cookies needed some hacks to be cross-domain, but I didn't think it was that easy.
Sorry for my bad English, and I apologize if my question is stupid or if it has been asked before.
Thanks in advance.
Cookies are simply headers in HTTP requests. When the browser requests

    GET /foo
    Host: a.com

it receives an HTML document, which contains a <script> tag hosted on another domain. So it fires another request:

    GET /script.js
    Host: b.com
    Cookie: foobarbaz

and it can certainly append cookies for domain b.com, if any. This means that the last time the browser contacted b.com, the HTTP response contained a header like

    ...
    Set-Cookie: foobarbaz
    ...

and so subsequent requests to the same domain will maintain the session. When the browser requests another resource from a.com such as

    GET /bar.jpeg
    Host: a.com

the cookie foobarbaz set by b.com will not be sent along with the request, so the scripts on a.com don't have access to data from b.com.
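
The behaviour described in the answer above, as an added example that is not part of the original answer: a small cookie-jar model showing that the Cookie header is chosen by the host being requested, not by the page embedding the script. It goes one step beyond the answer by also modelling the SameSite attribute, which browsers that default to Lax use to withhold cookies from cross-site `<script>` requests. The `CookieJar` class, the cookie names and the simplification that a "site" is the exact hostname are assumptions made for this sketch.

```javascript
// Minimal model of a browser cookie jar (host-only cookies, no Path/Expires).
// Simplification (assumption): "site" is taken to be the exact hostname.
class CookieJar {
  constructor() { this.byHost = new Map(); }

  // Record a Set-Cookie header received in a response from `url`.
  store(url, setCookie) {
    const host = new URL(url).hostname;
    const [pair, ...attrs] = setCookie.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    const ss = attrs.find(a => a.toLowerCase().startsWith('samesite='));
    // Browsers that enforce Lax-by-default treat a missing attribute as Lax.
    const sameSite = ss ? ss.split('=')[1].toLowerCase() : 'lax';
    if (!this.byHost.has(host)) this.byHost.set(host, new Map());
    this.byHost.get(host).set(name, { value, sameSite });
  }

  // Cookie header for a subresource request (e.g. <script src>) to `url`
  // made by a page loaded from `pageUrl`. Returns '' if nothing is sent.
  cookieHeader(url, pageUrl) {
    const host = new URL(url).hostname;
    const crossSite = host !== new URL(pageUrl).hostname;
    const cookies = this.byHost.get(host) || new Map();
    return [...cookies]
      .filter(([, c]) => !crossSite || c.sameSite === 'none')
      .map(([n, c]) => `${n}=${c.value}`)
      .join('; ');
  }
}

// The page's own JavaScript only sees cookies of the page's host.
function documentCookie(jar, pageUrl) {
  return jar.cookieHeader(pageUrl, pageUrl);
}

// Constructed sample: b.com and a.com each set cookies on earlier visits.
const jar = new CookieJar();
jar.store('https://b.com/login', 'session=foobarbaz; SameSite=None; Secure');
jar.store('https://b.com/login', 'prefs=dark'); // no attribute, so Lax
jar.store('https://a.com/', 'a_id=42');

const page = 'https://a.com/foo';
console.log(jar.cookieHeader('https://b.com/script.js', page)); // session=foobarbaz
console.log(jar.cookieHeader('https://a.com/bar.jpeg', page));  // a_id=42
console.log(documentCookie(jar, page));                         // a_id=42
```

The b.com cookie travels only on the request to b.com and never appears in what the a.com page can read, so a server that returns cookie-dependent data as executable script should treat the script response itself as readable by the embedding site.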