Another domain needs to set a third party cookie for out domain.
As I understand it, that means it has to host content (specifically something that sets up a cookie) that originates from our domain, correct?
How do we set this up? Do we set up a blank html with the javascript and have them host an iframe with the content (then hide it)?
Any other solutions?
I want to expand on this, in case anyone wants to offer a more broader solution.
The main issue is that we need to be able to know if someone has visited site 1 when they visit our site (site 2).
Now, if they are linked directly from site1 then we can tell, easily, but as far as I know, only third party cookies can be used to know if someone visited site 1 at some point in the past, then visited site2, correct?
You can’t read cookies set by other domains due to the Same Origin Policy. If a browser receives a cookie from foo.com, it will only return it to foo.com. This applies even if bar.com references an image on foo.com, and that image includes a cookie header.
This extends to Javascript; JS running on a foo.com page can only read cookies that were set by foo.com.
But to accomplish your specific task, you can do something like this:
Foo.com (their site) includes a reference to a 1px image hosted on bar.com (your site.) That image sends a cookie that holds a value saying they visited foo.com.
When the user goes to bar.com, you will get the cookie back, indicating that they have visited foo.com.
Right, but how exactly do we accomplish this? We need to set a cookie, so it can’t just be an image linked from our servers. It has to be some content that includes javascript to set the cookie, right?
No, cookies are typically set via HTTP headers accompanying the resource. Javascript is actually a fairly unusual way to set cookies and can’t be relied upon for non-browser HTTP clients.
As for how to accomplish this, it will depend somewhat on your web server configuration. Here’s an example of a simple CGI script in Perl that will send a cookie header with an image:
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Cookie;
my $cook = CGI::Cookie->new( -name => 'visited_foocom', -value => 'yes' );
my $q = CGI->new;
print $q->header( -type => 'image/gif', -cookie => $cook );
open my $fh, '<', "pixel.gif" or die $!;
print <$fh>;
ETA: Another way to do this might be to send a cookie header along with a redirect to an image file. I don’t remember offhand if browsers will permit cookie headers accompanying a redirect, though.