next »

[perkiset]

Has anyone ever tried to send an image request to a server and include some cookies on it? I am specifically interested in being able to set cookies then call for an image and have those cookies appear at the server... then put cookies back into the header and send back a 1x1 gif or something - so in the onLoad event of the img tag I know that it has arrived and the cookies would have as well... then I could get values I am looking for from my server from the newly arrived cookies.

I have some ideas about where to start, but I was hoping someone might be able to accelerate me...

Thanks in advance,
/perk

[nutballs]

per our phone conversation but to put it here as well for others.

in a word, no.

since you are talking about using and image beacon to hit a domain that the user is not currently on, a remote domain, the cookie will be associated with that remote domain. Not the local domain that the user is on. There is no point at which the cookie from the remote domain will be able to cross contexts to the local domain.

The image beacon is basically just like an IFRAME conceptually.
Your user is on localdomain.com
in the page there is am img tag with a URL of: remotedomain.com/cookiemaker.php
That plants a cookie on the user's machine, but the cookie is owned by remotedomain.
JS within the page cannot read that cookie, because the JS is under the localdomain context, and as such is prevented from the cookie.

unless im wrong of course

[nutballs]

being that i just saw you cross posted to syndk8. You mean drop a cookie from 1 domain via the img tag, and then read it from another domain using whatever method you can, JS, server side, etc. right? if so, I stick to my original answer, and if im wrong, i REALLY want to know how to do that...

[perkiset]

Nope, you're right on the dot... and a bit of research and thinking bears your explanation out pretty well. It's a bummer, but the truth is, a lot of WAY more black folks than you and I would have handed us our testicles for lunch if that was available... so it's probably best closed down.

 

[m1t0s1s]

Nope, you're right on the dot... and a bit of research and thinking bears your explanation out pretty well. It's a bummer, but the truth is, a lot of WAY more black folks than you and I would have handed us our testicles for lunch if that was available... so it's probably best closed down.

 

What about using browser exploits? Too blackhat? Not sustainable? Or earning the google interstitial "This website may damage your computer"?

[perkiset]

Nice idea and I probably would if this were a black venture, but I need it to be as clean as possible for this app.

I'm good to go now, the technique I settled on was the XRPC in the "It's time to give up on XMLHTTPRequest" thread.

Thanks tho m1!

/p

[ratthing]

Dredging up an old topic, I know, but I saw something interesting today which verified something I'd remember from working with Urchin a few jobs ago having to do with remote statistics monitoring for "campaigns" that goes on in big enterprise firms that do a lot of advertising.

Take a look at mickeys.com.  It has a 2px tracking image embedded and a whole bunch of cookie info for omniture.com's tracking system that goes off to another domain of Miller Brewing--you can see this using Live Http headers plugin.

I've been looking at these types of sites trying to figure out how their setting their age cookies since I need to do that on one of my sites [pr0n] and remembered this thread, so I thought I'd mention it.

=RT=

[nutballs]

the interesting thing about pixel tracking is that you can track users across multiple, unrelated sites, without them knowing it really. Thats what the ad networks do, and im sure thats what google does.

but technically, for what i THINK you are asking.

that obviously pulls the whole page from the porn site, but the user never sees it.

If you are talking about doing a cookie, for a site you own and control, and you control how the cookies are dispensed, you just have the image call an executable page, and set cookies the same way you normally would for a visitor.

If your talking about crafting a cookie on behalf of a site you don't control, you can't anymore, at least that I know of.

[JasonD]

P3P