• Welcome to Valhalla Legends Archive.
 

Cookie retrieval

Started by UserLoser, May 03, 2007, 08:25 PM

Previous topic - Next topic

UserLoser

I have website1.com, and I have an ISAPI DLL hosted on website2.com.  Now, using the ISAPI DLL hosted on website2.com, how can I get the cookie for a user on website1.com?

i.e., in website1.com in the page source it includes the ISAPI.dll (<img src="website2.com/isapi.dll">).  Thanks.

All my code works correctly, but I'll show anyways.  But how to go about getting the website1.com cookie?

Cookie returns value, but like I said it returns website2.com's cookie.

char *Cookie = (char*)GetVariable(pEcb, "HTTP_COOKIE");

const char *GetVariable(EXTENSION_CONTROL_BLOCK *pEcb, const char *Variable)
{
DWORD dwBuf = 1024;
CHAR *szBuf = new CHAR[1024];

pEcb->GetServerVariable(pEcb->ConnID, (LPSTR)Variable, szBuf, &dwBuf);

return szBuf;
}

rabbit

I'm not to sure about this sort of thing, but couldn't you make an ISAPI for website1 that returns a cookie, and then have ISAPI from website2 call up the first?
Grif: Yeah, and the people in the red states are mad because the people in the blue states are mean to them and want them to pay money for roads and schools instead of cool things like NASCAR and shotguns.  Also, there's something about ketchup in there.

Spht

For obvious privacy/security reasons, browsers will not allow websites to access cookies set by other websites

Try looking into alternatives to cookies

You didn't tell us exactly what you're trying to do here and why you need two domains to accomplish it, so it's hard to say if you can use cookies or not--there may be a workaround, depending on what you're doing and how your sites are set up

UserLoser

Quote from: Spht on May 04, 2007, 11:32 AM
For obvious privacy/security reasons, browsers will not allow websites to access cookies set by other websites

Try looking into alternatives to cookies

You didn't tell us exactly what you're trying to do here and why you need two domains to accomplish it, so it's hard to say if you can use cookies or not--there may be a workaround, depending on what you're doing and how your sites are set up

Making tracker for MySpace.  MySpace doesn't allow any <script> tags or javascript stuff at all, so it's hard to do.

UserLoser

Quote from: rabbit on May 03, 2007, 11:54 PM
I'm not to sure about this sort of thing, but couldn't you make an ISAPI for website1 that returns a cookie, and then have ISAPI from website2 call up the first?

Can't do that, read my post ^ :)

Barabajagal

#5
Couldn't you make a dynamic image in PHP that stores a count in a text file or database?

Edit: Here's an example way that stores every IP that views a certain image on a myspace page:
1) Create a php image (you should know how to do this, it's easy).
2) In the file, add the following code   $countdir = "count.txt";
  $IP = $_SERVER["REMOTE_ADDR"];
  $out = fopen($countdir, "a");
  fwrite($out, $IP."\n");
  fclose($out);

3) In the file's directory, make an empty text file called count.txt.
4) Rename the file to have a .jpg/.gif/.png extension (whatever file type you set it to in the Header() of the PHP file).
5) Add a .htaccess file to the directory, and include the following line:AddType x-mapp-php5 .png (Replace .png with whatever file type you want).
6) Upload this all to your webspace [make sure the image is uploaded as ASCII if FTP-ing], and then add the image using img src like any other image. View the text file to get a list of all the IPs.

To demonstrate: http://myspace.com/r3alityripple The image is the dynamic quotations. View all my visitors' IPs at http://images.realityripple.com/dynamic/myspace/count.txt .

I suspect you could run anything you want within that PHP file... but I'm gonna leave that up to you to test ;)

Hope that helps.

UserLoser

don't want to log just ip, need cookie info.  logging ip is easy and it already does that

Barabajagal

I'm saying you can run anything you could run in a PHP script that way. The IP was an example.

UserLoser

Quote from: RεalityRipplε on May 05, 2007, 01:00 PM
I'm saying you can run anything you could run in a PHP script that way. The IP was an example.

hmm what you did was interesting with the png/php spoof, wonder if i can do that somehow...all i know is there's this one myspace tracker (ispacetracker.com) that shows who it is who views your page, their name (real name),  their picture, etc etc...wonderng how it gets all that info.  that tracker is in a .swf file though

Barabajagal

It probably just reads the "SplashDisplayName" and "ME" cookies somehow. As I recall, you can set what domain to make the flash object think its in, thanks to the proprietary Embed tag (the w3c standard is object; embed isn't supported in the standards).