Home > Uncategorized > Read Cookies from another domain using Javascript and ASP.NET

Read Cookies from another domain using Javascript and ASP.NET

September 26, 2012 Leave a comment Go to comments

Reading cookies from another domain is a security risk, in terms of session hijacking, however, there may be reasons why you may want to do this.

Here is a simple technique that allows Cookies to be read from one domain that have been set on another domain.

First, add an ASPX page with the content shown below, and save it as “xdom.aspx” in the root of your domain (“domain-A”)

 

var pairs = “<% Response.Write(Request.ServerVariables[“HTTP_COOKIE”]);%>”.split(“;”);
var cookies = {};
for (var i = 0; i < pairs.length; i++) {
var pair = pairs[i].split(“=”);
cookies[pair[0]] = unescape(pair[1]);
}

 

Then add a html file to another domain (“domain-B”)

 

<script src=”http://domain-A/xdom.aspx”></script&gt;
<script language=”javascript”>
console.log(cookies);
</script>

Running this in Google Chrome, open developer console, and then expand out “object” and you’ll see the cookies that were set on “domain-A”

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: