Now here I'm confused. IF you visit my site, and I set a cookie. Then you come to my site from another url, and you're framed within their site. Why does my cookie not work? ______________________________________ For example: If you came to my site from here http://images.google.co.uk/imgres?i...=&ie=UTF-8&rls=DVXB,DVXB:2005-18,DVXB:en&sa=N Then my cookie logging wouldn't work. Why?
Because the cookie is matched against the domain in the browser's address bar. Frames from another URL that's not yours as defined in the cookie won't work for security reasons. Else that other site can start reading your cookies.
A cookie is only sent back to the originating domain, but that shouldn't be defined by the browsers address bar. Otherwise e.g. tracking pixels for affiliate networks or webcounters would not work.
@SERPalert: Have you tried to check the transmission using an extension like live http headers to see how exactly they are accessing your domain?
They execute javascript from the other domain. That code puts a cookie with your aff id. So the cookie originates from the aff domain, not yours, I believe. I'm pretty sure it has to come from the browser's address bar, how else would they ensure security in that regard?
Correct: <SCRIPT LANGUAGE="JavaScript"> <!-- if(parent != self){ top.location.href = location.href;} //--> </SCRIPT> Code (markup): I just checked my cookies and I have tons of statcounter.com cookies which proves my point of aff and counter tracking donw on the aff/counter's domain, not yours.
Ah, ok. Now I understand the problem. I didn't realize that a third-party trackingcookie is creating the problem - or better: the problem is not the cookie but the trackingcode that is using "document.location".
Thanks, I'm using this code, which is how i spotted the problem. Person visits my site, I drop a row in a mysql table and record all sorts of info. THEN it busts out of frames and I get another mysql row. Don't suppose it's possible to alter that JS to bust out of frames and goto url http://www.mydomain.com/?framebust=1 ? My JS sucks
So it DOES read the cookie when in the external frame? Why not check the timestamp and don't add a row if it's less than how long it takes to burst out. or get your PHP to validate the request. Match the URL and if not yours then don;t store it in MySQL. Yes it is... So does mine so I don't know how Try: <SCRIPT LANGUAGE="JavaScript"> <!-- if(parent != self){ top.location.href = location.href + ?frameburst=1; } //--> </SCRIPT> Code (markup): Can't remember whether a string is extended by a period or a plus.
hmm using php how can I get the url in the address bar? $http_host = $_SERVER['HTTP_HOST']; $request_uri = $_SERVER['REQUEST_URI']; $current_url = "$http_host"."$request_uri"; PHP:
Well it hasn't done what I expected it to do. I gave back MY url, not the url of the frameset. More testing needed maybe...