Quote:
Originally Posted by The Hun
what's in a name...
I mean, if it's in a frame it's not really third party cookie, is it? If for instance thehun.net loads a frame from kinghost.com and kinghost sets a cookie thehun can't get to that cookie without some sort of server side code. So a domain can only get to the cookies it set itself. That's not really third party to me since a third party wouldn't be able to set a cookie for a second party... only on a frame on his own domain.
Now if this whole discussion is based on my literal translation of third party cookies and the term 'third party cookies' means that a domain, no matter how deep in frames it's hidden, can set a cookie on a computer you're right... that can easily be done. No problem
|
Ok, I think you're mixing things up. The problem is not security related, no modern browser allows domain A to read cookies set by domain B. The problem is privacy related.
When I visit domain A and domain A includes a page from domain B in a frame, domain B is considered a third party object by the browser, because I never requested domain B. Therefore domain B can be limited in its ability to set cookies, not just for domain A which it never can, but also for itself, domain B.
As I wrote earlier, I don't think it will be a major loss, but it's simply not true that is has no effect.