Hassan Ila Hassan Ila - 4 days ago 5
HTML Question

Isolate iframes sessions

I have 6 iframes that are from the same domain but with different url and subdirectory. They all set a cookie that has the same name but different value using html header "set-cookie". I need to separate their cookies so that they don't interfere with each other.

Here is an example code. Thanks

<html>
<head>
<style type="text/css">
body, table
{
margin: 0; padding: 0; height: 100%; width: 100%; overflow: hidden; scrolling=no; position:absolute;;
}
iframe
{
height: 100%; width: 100%;
}
</style>

</head>
<body>
<table>

<tbody>
<tr>
<td>
<iframe id="1" src="http://example.com/1"></iframe>
</td>
<td>
<iframe id="2" src="http://example.com/2"></iframe>
</td>
<td>
<iframe id="3" src="http://example.com/3"></iframe>
</td>
</tr>
<tr>
<td>
<iframe id="4" src="http://example.com/4"></iframe>
</td>
<td>
<iframe id="5" src="http://example.com/5"></iframe>
</td>
<td>
<iframe id="6" src=http://example.com/6></iframe
</td>
</tr>
</tbody>
</table>
</body>





Note that I don't have access to the server/domain.

Answer

Cookies include a path attribute:

If the attribute-name case-insensitively matches the string "Path", the user agent MUST process the cookie-av as follows.

If the attribute-value is empty or if the first character of the
attribute-value is not %x2F ("/"):

Let cookie-path be the default-path.

Otherwise:

Let cookie-path be the attribute-value.

Append an attribute to the cookie-attribute-list with an attribute- name of Path and an attribute-value of cookie-path.

Cookies are only sent if the cookie path matches the URL path.

Configure your server so that it provides a different path for each of the 6 things in the frames.

Comments