Thread: Cookies in Iframes

  1. #1
    Cookies in Iframes

    I've embedded a third-party storefront (my account) with iframes, and it works fine, except that when I go to checkout my browser requires that I lower the cookie security from medium to low, which is not an acceptable request for visitors.
    When I go directly to the storefront page (no embedded iframe) it works fine. I am assuming my page that is doing the iframe does not have a necessary validation (I'm only skilled enough in coding to be dangerous, so I'm not sure).

    Is there a workaround for this?

    Here are the pages if anyone wants to look at the specifics.
    The embedded store: http://www.glidegear.com/shopglidegear.html
    The plain storefront, no embedding with iframe: store.glidegear.com

    Thanks,
    Steven

  2. #2

    I think the problem has to do with how cookie permissions work:
    Cookies cannot be accessed on different domains. Subdomains work like this: store.glidegear.com and www.glidegear.com are actually considered different websites to cookies.
    So if you use a subdirectory, instead of subdomain, like www.glidegear.com/store, for the store, then you can make this work.

    Cookies can also be limited by directory; they are available based on how they are initially set. So set them with the broadest permissions possible from the most basic location possible (hopefully either www.yoursite.com or just yoursite.com; remember, www. is a subdomain too).

    There is no trick to get around this; you must redesign your site.

    Some potential solutions without changing the subdomain structure are:
    1. Use some sort of server-side method to skip using cookies, like storing it in a database; in the iframe they set up their cart and get ready to check out. Then they go to the checkout on the main part and they have to log in again (setting a new cookie), and then they get their cart forwarded to them after being stored on the server. This would be messy but could work.
    2. You could attempt to use JavaScript to have the cookie for both the iframe and for the main frame; if when they originally log in you can set one cookie for each frame on the page, you might be able to make it all work. But of course that means they will be depending on JavaScript, and that's a bad idea.

    There may be more ways to try to get around it, but there will be no way to bypass cookie security. By making the security setting lower, you are basically ignoring how cookies actually work, and that won't work across browsers and certainly not for users who don't want to have lowered security.

    I'd like to see cookies that are allowed to be accessed by a few domains (given the right permission), in the sense that then you could link them together. But of course that's just not how it works.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
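
The domain and directory scoping discussed in this thread can be checked with a small model of the RFC 6265 domain-match and path-match rules. This is an added example, not code from either poster or from the site; the cookie objects, the `setBy` field and the `/store` path are constructed for illustration, and the model covers only the Domain, Path and Secure attributes (not SameSite or a browser's third-party cookie policy).

```javascript
// Added example: RFC 6265 domain-match (5.1.3) and path-match (5.1.4).
// Cookie objects below are constructed sample data, not captured from the site.

// True when `host` is `domain` itself or a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// True when the request path falls under the cookie's Path attribute.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Decide whether a browser would attach `cookie` to a request for `url`.
// cookie.domain === null models a host-only cookie (no Domain attribute).
function wouldSend(cookie, url) {
  const { hostname, pathname, protocol } = new URL(url);
  const hostOk = cookie.domain === null
    ? hostname.toLowerCase() === cookie.setBy.toLowerCase()
    : domainMatch(hostname, cookie.domain);
  const secureOk = !cookie.secure || protocol === "https:";
  return hostOk && secureOk && pathMatch(pathname || "/", cookie.path);
}

// Host-only cookie from the store, a Domain=glidegear.com cookie, and a
// cookie limited to a hypothetical /store directory on www.
const hostOnly = { name: "cart", setBy: "store.glidegear.com", domain: null, path: "/", secure: false };
const shared = { name: "cart", setBy: "store.glidegear.com", domain: "glidegear.com", path: "/", secure: false };
const scoped = { name: "cart", setBy: "www.glidegear.com", domain: null, path: "/store", secure: false };

const requests = [
  "http://store.glidegear.com/checkout",
  "http://www.glidegear.com/shopglidegear.html",
  "http://www.glidegear.com/store/checkout",
  "http://www.glidegear.com/storefront",
];
for (const url of requests) {
  console.log(url, { hostOnly: wouldSend(hostOnly, url), shared: wouldSend(shared, url), scoped: wouldSend(scoped, url) });
}
```

The host-only cookie stays on store.glidegear.com, the `Domain=glidegear.com` cookie reaches both hosts, and the `/store` cookie matches `/store/checkout` but not `/storefront`.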
