All geek questions in one place

Can a third-party js script write cookies?

Is it possible for a third-party script to write cookies to the user's computer?

For example, if affiliate.example.org contains:

 <script type="text/javascript" src="http://me.example.com/cookiemonster.js"></script>

I want to provide a partner with a script that, we hope, will write cookies on their clients' machines; Ideally, we would like to control the script ourselves. However, before trying to do this, I just thought that I would see if this was possible at all.

Of course, another option is for us to provide a real script for the affiliate, which he could post directly on his site.

+6
source share
2 answers

Yes, third-party scripts can write cookies, and they appear to belong to the domain of the page itself.

This can be seen if you view the cookies of any site using Google Analytics - the content comes from a third party (Google), but the _utm prefix _utm will be in the domain of the hosting site.

To write third-party cookies (that is, where the cookie is located in a third-party domain), it is necessary that the cookies are sent in the download headers from this third party and not be written in JS code.

+6
source

What happened when you tested it?

(yes, if the browser / user allows it, it will record the cookie, but the cookie domain is determined by the domain from which the script was loaded).

+1
source

Source: https://habr.com/ru/post/1438009/

More articles:


All Articles