How to read cookie from different domain?

2011-02-16 Thread Paolo
Hi, I need to read a cookie from a different domain (it is not mine).
I known the name ok cookie.

When I create (write) a cookie, it is possible to set the name of domain:
cookie.setDomain(.example.com);

But It does'nt work for foreign domain just because security reasons, infact I 
can not modify or create cookie for othen site, not own.

But I think it is possible to READ cookie from other site. Just the user set in 
own browser settings allow third party cookies.
How can do it in wicket?

I only know this instruction to read cookie, and in this I can not choose the 
domain to use:
Cookie[] cookies = ((WebRequest)getRequestCycle().getRequest()).getCookies();

This is my test application:

=
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN 
 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
xmlns:wicket=http://wicket.apache.org/; xml:lang=en lang=en
head
titleWicket cookie test/title
/head
body
a wicket:id=create_cookieCreate Cookie/a
br /br /br /
 a wicket:id=read_cookieRead Cookie/a
/body
/html

==

package org.wicket.example;

import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.link.Link;
import org.apache.wicket.protocol.http.WebResponse;
import org.apache.wicket.protocol.http.WebRequest;

import javax.servlet.http.Cookie;


public class TestPage extends WebPage {
  /**
   * Constructor
   */
  public TestPage() {
  }

  @Override
  protected void onInitialize() {
  super.onInitialize();

  add(new LinkTestPage(create_cookie) {

private static final long serialVersionUID = 6762033052623200948L;

@Override
public void onClick() {
((WebResponse) getResponse()).addCookie(createCookie());
setResponsePage(TestPage.class);
}
});
  add(new LinkTestPage(read_cookie) {

private static final long serialVersionUID = 
6762033052623200948L;

@Override
public void onClick() {
Cookie[] cookies = 
((WebRequest)getRequestCycle().getRequest()).getCookies();
System.out.println(cookies[0].getName());
setResponsePage(TestPage.class);
}
});
  }
  
  /**
   * Creates test cookie
   * @return cookie
   */
  public Cookie createCookie() {
Cookie cookie = new Cookie(wicketTest, 1);
//  cookie.setDomain(.example.com);
cookie.setMaxAge(6000);
return cookie;
  }

}

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org



Re: How to read cookie from different domain?

2011-02-16 Thread Randy S.
It is not possible to read a cookie from a different domain. That would be a
terrible security problem.

The browser will not send cookies that do not match your domain so no amount
of code tricks on the server handling this request will get you the cookie.

The third party cookies settings in browsers controls whether it is
possible to set cookies in requests for images and other assets for a page
that come from a domain that is different than the page's domain.
On Feb 16, 2011 7:58 AM, Paolo irresistible...@gmail.com wrote:
 Hi, I need to read a cookie from a different domain (it is not mine).
 I known the name ok cookie.

 When I create (write) a cookie, it is possible to set the name of domain:
 cookie.setDomain(.example.com);

 But It does'nt work for foreign domain just because security reasons,
infact I can not modify or create cookie for othen site, not own.

 But I think it is possible to READ cookie from other site. Just the user
set in own browser settings allow third party cookies.
 How can do it in wicket?

 I only know this instruction to read cookie, and in this I can not choose
the domain to use:
 Cookie[] cookies =
((WebRequest)getRequestCycle().getRequest()).getCookies();

 This is my test application:


=
 !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
 http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
 html xmlns=http://www.w3.org/1999/xhtml;
 xmlns:wicket=http://wicket.apache.org/; xml:lang=en lang=en
 head
 titleWicket cookie test/title
 /head
 body
 a wicket:id=create_cookieCreate Cookie/a
 br /br /br /
 a wicket:id=read_cookieRead Cookie/a
 /body
 /html


==

 package org.wicket.example;

 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.link.Link;
 import org.apache.wicket.protocol.http.WebResponse;
 import org.apache.wicket.protocol.http.WebRequest;

 import javax.servlet.http.Cookie;


 public class TestPage extends WebPage {
 /**
 * Constructor
 */
 public TestPage() {
 }

 @Override
 protected void onInitialize() {
 super.onInitialize();

 add(new LinkTestPage(create_cookie) {

 private static final long serialVersionUID = 6762033052623200948L;

 @Override
 public void onClick() {
 ((WebResponse) getResponse()).addCookie(createCookie());
 setResponsePage(TestPage.class);
 }
 });
 add(new LinkTestPage(read_cookie) {

 private static final long serialVersionUID = 6762033052623200948L;

 @Override
 public void onClick() {
 Cookie[] cookies =
((WebRequest)getRequestCycle().getRequest()).getCookies();
 System.out.println(cookies[0].getName());
 setResponsePage(TestPage.class);
 }
 });
 }

 /**
 * Creates test cookie
 * @return cookie
 */
 public Cookie createCookie() {
 Cookie cookie = new Cookie(wicketTest, 1);
 // cookie.setDomain(.example.com);
 cookie.setMaxAge(6000);
 return cookie;
 }

 }

 -
 To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
 For additional commands, e-mail: users-h...@wicket.apache.org



Re: How to read cookie from different domain?

2011-02-16 Thread Paolo
Alle mercoledì 16 febbraio 2011, Randy S. ha scritto:
 It is not possible to read a cookie from a different domain. That would be a
 terrible security problem.
 
 The browser will not send cookies that do not match your domain so no amount
 of code tricks on the server handling this request will get you the cookie.
 
 The third party cookies settings in browsers controls whether it is
 possible to set cookies in requests for images and other assets for a page
 that come from a domain that is different than the page's domain.

If I put the other page in a Iframe into my page, and I use Javascript or other 
client side technology, is it possible?

Thank you.

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org