You may be able to use a dirty exploit pioneered by banner ad companies. Browsers accept cookies that are sent along with images as well as with html. So if you sent the cookie with the page you could retrieve it with an image-lookalike script (e.g. one that sent the content-type header of an image but was actually a 1x1 blank pixel). This opens a new can of worms, though, because now you have to figure out how to have the image script tell the original script (with the actual page) whether the cookie was retrieved successfully. I'm not sure if this is possible to do consistently, and it sure wouldn't be easy, so I'd go with btrott's recommendation :-).