Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Setting cookie to an iframe src

I have an iframe that loads an external page, that needs to be logged to make appear what I want. Actually, if i set the iframe the normal way, the iframe loads the external-domain-login page. What I actually have is something like this:

What I need to do is to set some cookies for that source to make pretend the external domain I'm "logged". That can be done (or what I think this can be done) is setting to the request the cookies that the login response gave me.

I'm actually able to get those cookies, but don't know how to set them to the URL from the iframe.

Thoughts?

Thanks!

like image 248
FabKremer Avatar asked Apr 04 '14 14:04

FabKremer


People also ask

Can you pass cookies to iframe?

You can't share cookies across domains. You may share across subdomains. So, if your domain wrote the cookie stored on the client - whether in an iframe from other site or stored by visiting your main site, your domain should be able to access it. Otherwise - no.

How can I change src attribute in iframe?

To change the iframe src attribute, we will be using a select drop down menu, and a button element to activate the function that will change the src attribute. Note that this is only for example purposes, instead of using onClick you may want to consider using event handlers in an external script.

Is an iframe a third party cookie?

This is because Blendr relies on functional cookies to recognize user sessions and any cookie in an embedded iframe on a different domain than the parent frame, is automatically considered a “third party cookie“ for most browsers.


1 Answers

If the iframe is on a separate domain, you can't access it directly via javascript from your other domain so you won't be able to directly transfer your cookie from domain1 to domain2 using javascript.

If you control code in both domains, then there are some workarounds. Here's one method that uses a single place to login and the login credential is transferred via URL parameters: Cross Domain Login - How to login a user automatically when transferred from one domain to another

You could conceivably use the URL transfer mechanism by logging in on the first domain and then setting the .src URL in the iframe to have the login credential in the URL. When the second domain loaded in the iframe, it would see the login credential in the URL, grab it, turn it into a cookie value that it wrote on itself and the refresh itself (thus now looking logged in). You will obviously need to control javascript in both domains to use either of these techniques because one domain's javascript can't put a cookie into the other domain directly.

Another way that two cooperating domains can communicate is with window.postMessage() so the login credentials could be sent to the iframe window. It's javascript would have to receive the message and turn it into a cookie and then refresh it's page so that the server saw the login cookie on the 2nd domain.

like image 128
jfriend00 Avatar answered Sep 30 '22 00:09

jfriend00