One thing to remember is that you can only set a cookie for the site you own... Your server, your cookie. You cannot set a cookie for someone else's site.

You can set a cookie quite easily using some javascript (or any client side script). You can set server side cookies, although I have a feeling that the scenario that you're describing entails client side cookies...

But you aren't confined to frames -- if you can serve just one image or other object on the page from the third party server, that is enough access to also place a third party cookie at the same time the object is served. Many banner ad servers do their tracking in this fashion, as well as e-commerce sites that use a different domain for their final checkout processing.

However, the HTML source code will still clearly show that a different domain is serving the image file or other object - that's anavoidable. And as BlobFisk mentioned, only the same server that set the cookie can read the cookie later on.

Thanks for the replies, I hadn't thought of the image. How would it work to set a dynamic cookie though? Something like:

<img src=widget.com?setcookie=string />

?

Once the cookie is set I don't need to access it again so it isn't a problem that it's on another server. That said, is there no way to hide the cookie link entirely?

Is this possible through something like the php curl module?

Thanks,
Chris

If you're using CF or ASP (don't know about PHP), try setting a server session. You can set a cookie without it appearing in the source code. Only problem is that the cookie will only be set if the user navigates away from that page - if they close that browser session on that page the cookie is lost.

Hi Sanenet,

I'm not sure I understand how sessions would help. How would it be possible to use sessions to set a cookie for another server? Would it not just be localized on the affiliate site?

Chris