Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Artyom Peshkov2020-09-13 19:32:51
PHP
Artyom Peshkov, 2020-09-13 19:32:51

Setting a cookie on a request from a different domain - is it possible?

Good afternoon. There are two sites. On site "A" I need to go to site "B" imperceptibly for the user so that I can see this call on the latter and set a cookie for this user (anonymous).

On site B, the code looks like this (conditionally):

if (!empty($_GET['ref'])) {
   setcookie('ref', $_GET['ref'], time()+60*60*24*7, '/');
}

On site A I try different ways:
<iframe src="https://siteB.ru/?ref=123"></iframe>
<img src="https://siteB.ru/?ref=123" />
<link href="https://siteB.ru/?ref=123" rel="stylesheet">
<div style="background:url('https://siteB.ru/?ref=123');"></div>

These requests on site B are logged, I see them, but cookies for the user are not set. Those. I go first to site A, where there is the above html, then go to site B - there are no cookies, although there are access logs. Session variables are not set this way either.

Tell me, is there any way to accomplish the task? That is, in other words, imperceptibly turn on behalf of the user to a third-party site so that he sees it as a normal visitor visit.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
N
nokimaro, 2020-09-13
@Gorky

Do you set the SameSite flag when setting cookies?
https://habr.com/ru/post/492830/
https://blog.chromium.org/2020/02/samesite-cookie-...
https://developer.mozilla.org/en-US/docs /Web/HTTP/...
They also often make mistakes in setting cookies, not setting the secure and path parameters correctly.
And so the classic tracking pixel through img srcis still enough to track the user.

Report
D
Dimonchik, 2020-09-13
@dimonchik2013

imperceptibly address on behalf of the user to a third-party site so that he sees it as a normal visitor visit.

yes, cheating the system without protection by simply inserting it into the code is still possible

Report
G
Griboks, 2020-09-13
@Griboks

Most advanced users and even modern browsers block third party content. These are not only cookies, but also any other objects, even counters or advertisements.

Report
K
kocherman, 2020-09-14
@kocherman

By all means, cookies are stored and transmitted. I personally used via <img src="">. But the affiliate fires this moment and simply does not send set-cookie headers for such requests (that's why it doesn't exist).
There's always a reverse threaded bolt for every tricky asshole.

Report
N
Nadim Zakirov, 2020-09-14
@zkrvndm

You just need to use localStorage instead of Cookie, there will definitely not be such problems there. On site A, open a frame, and on site B, put some marker in storage. I myself try to use cookies to a minimum, antiviruses really like to clean them, as well as various ad blockers.

Similar questions
E
Evgeny Samsonov2015-04-05 17:45:37
What is the name of the USB device? 3Reply
I
ITpie2021-03-25 20:16:06
How to make docker to test python code with certain libraries? 3Reply
V
Vladimir Karpenko2017-04-19 19:41:47
What if there are two databases in an ASP.NET MVC5 project: one is database first, the other is code first? 3Reply
D
Dmitry2015-05-19 23:34:41
A book on C-C++ where is the description of the language with analogies? 5Reply
A
AnatoliyKarpov2021-04-16 14:24:16
How to make ul have different classes? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question