cookies, cgi::cookie, set by domain

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Is there any reason why this doesn't work?

#!/usr/bin/perl -wT

use CGI;

$q = new CGI;

use CGI::Cookie;
            

$cookie = new CGI::Cookie(-name =>  'foo',
                             -value   =>  'bar',
                             -domain  =>  '.corn.com');

print $q->header( -type => 'text/html', -cookie=> $cookie );

print $q->start_html;


print $q->p, "hello and $ENV{HTTP_COOKIE}"; #just checking
print $q->end_html;
[download]

basically i tryed the above and this way:

$cookie2 = $q->cookie( -name => 'aa',
                      -value=> 'bb',
            -domain => 'corn.com'.
[download]

Now the cookie only sets if I DISINCLUDE the "domain" part. I need to set a cookie at one domain for a different domain. I also only need it sent back to the one domain thats listed in "-domain=>"
EX. SET the cookie here: http://perlmonks.org for domain to use here: http://theotherperl.org
Is this possible?

thanks, Adam

Comment on cookies, cgi::cookie, set by domain Select or Download Code

Replies are listed 'Best First'.
Re: cookies, cgi::cookie, set by domain by Eureka_sg (Monk) on May 07, 2001 at 12:10 UTC
You can only set a cookie for a domain that's under the current host, ie. set cookie here :http://perlmonks.org to use at http://perlmonks.org/any/where/on/same/host When you do not define the domain, the current domain is used as default thus the cookie can be set So, if corn.com is not under the current domain, the answer is 'No, You can't set the cookie'. This is obviously for privacy reasons : )	[reply]
Re: cookies, cgi::cookie, set by domain by Masem (Monsignor) on May 07, 2001 at 15:15 UTC
Eureka_sg has the right answer; you cannot do this. Given a host name such as www.mydomain.co.uk, you can set and retrieve cookies for mydomain.co.uk and www2.mydomain.co.uk but you cannot do it for www.anotherdomain.co.uk, or co.uk, etc. In other words, given a domain name of N elements, you can set/get cookies for which the 1st element varies, but none of the others. This is obviously for security reasons because cookies are private transactions between a site and you, and to be able to put cookies for another site while delivering a page opens up a whole new world for potental misuse. (Of course, it should be noted that nasty bugs were found in Netscape because their cookie validation service assumed that all domain names were 3 parts, thus making the case above of valid cookies in www.anotherdomain.co.uk work. This was quickly squashed once discovered). Dr. Michael K. Neylon - mneylon-pm@masemware.com \|\| "You've left the lens cap of your mind on again, Pinky" - The Brain	[reply]
Re: cookies, cgi::cookie, set by domain by Rhandom (Curate) on May 07, 2001 at 17:49 UTC
Both answers are correct. But here is a little bit more. UPDATE: -- Masem did catch that -- man, I am missing things today. Some versions of Netscape do not support setting cookies at just http://corn.com/ . For historical reasons (that I used to understand), they require you to have something like www.corn.com or anysubdomain.corn.com before it will allow you to set the cookie. That is the reason you might have got .corn.com to work. Today, most modern browsers allow for setting cookies at http://corn.com/ . Unless you are writing primarily to linux users where the percentage of Netscape users is far higher than the rest of the traffic on the web (85 to 95 percent of traffic to our 8 million hit a day site comes from Internet Explorer) then it isn't too much of a concern. If you do need it to work on Netscape, try bouncing them to a www.corn.com domain first, before setting the cookie and all should be well. my @a=qw(random brilliant braindead); print $a[rand(@a)];	[reply]
Re: cookies, cgi::cookie, set by domain by centaurii (Initiate) on May 11, 2001 at 19:36 UTC
Doubleclick was or is doing this somehow. I'm not smart enough to tell you how, but you can get a cookie from ad.doubleclick.net without visiting their website.	[reply]