in reply to Can PERL send a 3rd party cookie to a users browser?

I believe the trick is to send to the user some JavaScript which will create a form, set its method ('post') and action ('different.server.com'), fill the form and immediately submit it.

Re^2: Can PERL send a 3rd party cookie to a users browser?
by OpenSpace (Novice) on Nov 27, 2014 at 11:19 UTC

    Thanks anon

    I think I would still have problems with the cookie, as the form would be on the user's PC and the server controlling the logon would be looking for the cookie it had already set in the first stages of the logon. Unfortunately that would not be on the PC but in my LWP cookie jar.

      I wonder if a hidden iframe pointing to (the start page of?) the logon server would work. Then the browser would send a request to the server (asking for the iframe's content), and the server would send a cookie along with the document. And then JavaScript would submit the form.

      That's in theory. I've personally never done that before. If you get this working, be so kind and let us know! I for one am really curious. BTW, it does look like a good way to steal other people's passwords :)

        Anyway... to answer your question: no, you can't set a cookie for a third-party domain from your own. See RFC 6265 4.1.2.3. Maybe you should reconsider what you're trying to do.
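
The rule cited in the last reply, as an added example that is not part of the original thread: a sketch of how a user agent applies RFC 6265 domain matching (sections 5.1.3, 5.2.3 and 5.3 step 6) when it receives a Set-Cookie header. The function names and the host `my-perl-app.example` are assumptions made for illustration, and the public-suffix check of section 5.3 step 5 is left out.

```javascript
// Added example, not code from the thread. Host names are constructed.

// Rough IP-literal test: domain matching by suffix applies to host names only.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // Suffix match must fall on a label boundary ("." before the suffix).
  return host.endsWith('.' + domain) && !isIpLiteral(host);
}

// What the user agent does with a Set-Cookie header received from `requestHost`.
// Returns null when the cookie is ignored, otherwise the scope it is stored under.
function storeDecision(requestHost, setCookieHeader) {
  let domainAttr = '';
  for (const av of setCookieHeader.split(';').slice(1)) {
    const eq = av.indexOf('=');
    const name = (eq === -1 ? av : av.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : av.slice(eq + 1).trim();
    // Section 5.2.3: an empty Domain value is ignored, a leading dot is dropped.
    if (name === 'domain' && value !== '') {
      domainAttr = value.replace(/^\./, '').toLowerCase();
    }
  }
  // No Domain attribute: host-only cookie for the responding host.
  if (domainAttr === '') {
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  // Section 5.3 step 6: a Domain the responding host does not match is rejected.
  if (!domainMatches(requestHost, domainAttr)) return null;
  return { domain: domainAttr, hostOnly: false };
}

// Constructed case: a response from my-perl-app.example names the other server.
const thirdParty = storeDecision('my-perl-app.example',
  'session=abc123; Domain=different.server.com; Path=/');
console.log(thirdParty); // the cookie is ignored
```
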