I have a dedicated server, which hosts 2 domains, let's say A and B.
I know about the cross-origin policy, that is impossible to read the cookies from another domain, but is it somehow possible to do it when they have the same hardware/owner/server/file system, etc?
I have realized an interesting thing, I have ads on domain A, and there are a lot of cookies from ad networks. How they did do it? Can I do something similar with my two domains?
Thanks for the answers/suggestions, I have really no experience in this sphere.
when you run advertisements on your domain, you include some JavaScript code provided by these ad networks.
When the script is executed, the script can create and read cookies associated with domain from where the script came from.
Related
I am new to this topic and was just watching a tutorial and the dude said you would have to buy and monthly pay for a domain.
I get that you would want someone else to host your website for IT-security reasons. Which is really not expensive.
But say I want to just access my server data like my music, my images and videos from anywhere and I know how to make a website. The domain name is not important for me, I dont need it to be fancy. Do I always have to buy a right to use a (unspecific but fixed) domain?
How does it work? Thanks!
Edit1: (to specify) I read that hosting the website yourself is not safe. I want to let someone host my website, serve data (like images and videos) to this website or to the client from my home-server.
A domain is just an entry in the worldwide DNS servers. This makes it easier to find your server(s). You do not need to have one. Instead you can use your IP address that you 'get' from your ISP. You must make sure that your router, that you got from your ISP, directs the request to your server.
An other means is that you find a free redirect service like dyndns. They give you a servername that will redirect automatically to your IP address given by your ISP.
If you let someone host your website then he will provide you with a URL under which you can access your server. In fact this is not a domain but a server in his domain. Hosting your website that runs on your desktop can be unsafe. If you use a dedicated cheap server than it is less unsafe but complete safety is, unfortunately, not possible.
I created this question earlier but was told that it is a DNS issue as apposed to an issue with HSTS. Regardless, here is what I need help troubleshooting:
Issue:
A single site (one that I own), is showing server DNS address could not be found. DNS_PROBE_FINISHED_NXDOMAIN when I try to connect to it via chrome, firefox, or safari. I can however connect to it via Tor Browser. I can also verify that the address resolves correctly using mxtoolbox. I also am not able to connect via two other computers and two other phones. I also am not able to connect via a different WIFI connection or personal hotspot via my phone. Curl and Host via the command line are also not able to get a response.
What I've tried:
As I said above, I've tried different internet connections and computers. I've also tried flushing my DNS cache and pointing to another DNS server.
Having said that, I am not sure how else to trouble shoot this. The only change I made to the web app was to add HSTS headers, hence why I created the earlier posing. Please let me know what other information I can provide. Otherwise, here are some details about the site itself:
Other information about my stack:
Django web app
Gunicorn / WSGI server
Hosted on Heroku - Cedar-14 stack
DNS setup with AWS route53
domain name registered through AWS
EDIT:
Possibly related: https://serverfault.com/questions/606880/how-can-i-troubleshoot-a-route-53-hosted-zone
I had the similar issue and was not able to open Facebook. Rest all sites were working fine. Initially, I thought Facebook blocked me as I never faced this crappy issue earlier. Later when I searched in Google, I found an article which described the DNS_PROBE_FINISHED_NXDOMAIN issue on Chrome.
I just changed my DNS server address as 8.8.8.8 (preferred) and 8.8.4.4 (alternate) and I never faced that issue again.
Reference - https://www.mobipicker.com/dns_probe_finished_nxdomain/
So from our discussion regarding the NS server records always make sure that the local NS records matches the Parent NS records.
In your case there there were 2 extra NS records associated with your domain that was the reason why your domains and sub domains were acting unhealthy. once you deleted those records the domains and sub domains were back to normal.
you can also try to open an anon window
access the url
use it in anon mode
or
close it and it will load ok
I understand that there are a number of ways/hacks to implement cross domain cookies such as iframe, redirects etc. I believe those methods are necessary when different app servers are serving each domain.
Now if both domains are served by the same app server, would there be an efficient and best practice method for handling these cookies? Could the app server in this case, just keep track of the origin and determine which users each request is associated to regardless of what target domain is being requested?
Any input would be greatly appreciated.
Bob
Cookies are how a server knows who's talking to it, so having both domains on the same server doesn't really help. When the request comes in, you have the source IP:port, user agent, cookies, and that's about it. IP isn't useful because of NAT (multiple users, one IP) and mobile (one user, multiple IPs--moving from cellular to wifi or vice versa). User agent has similar problems. The answers discussed in Cross-Domain Cookies are still the best options available.
Unfortunately, there's still not the super-direct way to share user data across domains. I found that the iframe implementation was the most re-usable.
To this end, I created an NPM module to simplify cross-domain sharing. It gives you a function to produce an iframe with a whitelist of your domains, and get/set functions that let you access that iframe from any whitelisted domain.
https://www.npmjs.com/package/cookie-toss
Hope this helps!
I have one Admin website (Example: http://www.admin.web.com/control/) and Public websites like (http://example.web.com and http://example.com)
I want to create one cookie from http://www.admin.web.com/control/ which will be shared to both website http://www.example.web.com and http://www.example.com.
Here both public websites are the same with different URLs
So to share cookie I am creating domain specific cookie
<cfcookie name="admin" value="xyz" domain=".web.com">
So above cookie which will be created from http://admin.web.com will be shared with http://example.web.com but not with http://example.com.
Can any one tell me how I will share same cookie for http://example.com?
The short answer is that you can't. As far as the users browsers are concerned admin.web.com and example.web.com are subdomains of the same (web.com) domain so they could be owned by the same person. This means you can set it up so that the sharing you've seen above works.
Unfortunately as you've seen example.com doesn't share a domain so you can't share them as domain cookies.
There are a couple of ways to get round this that I can think of off the top of my head, none of which are particularly nice:
You could probably get away with using an ajax callstraight to example.web.com from example.com with the contents of the cookie in the response to the page.
You could use an iframe in the example.com pages that points to the example.web.com page and then send the details from the read cookie back setting the same cookie then on example.com.
For sensible security reasons it's not really a good idea to do either but instead to look for the reason you're trying to share information across domains and try and figure out a way of avoiding it.
Coherence - Cookie Session Sharing between Applications Hosted on Different Servers
i have some web application on different servers i need them to have shared cookie
session in browser.
i want to assign same domain to all of them with different urls.
how can i implement this?
is it actually gonna work?
i want to do it with virual host on a proxy server.
The first way that comes to mind is to create a symbolic link in your DocumentRoot to a mounted directory which exists on another server. If you do this cross-server and for each application, then no matter which server people arrive at (due to load balancing, etc.) each server has a 'complete' set as far as apache is concerned but actually you still have the different data in its respective place.
In your /html/ directory (example DocumentRoot) you would have:
application1/
application2 -> /mnt/application2/
application3 -> /mnt/application3/
Then you'd set up the mount - for example - so a df would have:
192.168.1.2:/var/www/html/application2 ... /mnt/application2
192.168.1.3:/var/www/html/application3 ... /mnt/application3
Doing it this way keeps the guy on the same site as far as apache and his browser, etc. are concerned and you are definitely using the same domain, but essentially just splitting the file system between servers based on url.