Page 1 of 1

Cookie reading problem via hidden image script

Posted: Fri Mar 26, 2004 8:59 am
by insomnia
Hi guys,

Any help on this would REALLY be appreciated.

I'm trying to emulate a cookie-based affiliate system on online product-marketing website (let's call it source.com) which lists products from several online shops.

The users are redirected to the shop's specific purchase page by clicking on the "Buy" button of a specific product from a specific shop.

The action of clicking on the "Buy" button invokes a cookie which is installed on the user's machine, that cookie contains a single value which is the shop's unqiue ID number.

On the checkout page of the shop's website, a hidden image tag is printed pointing back the source.com tracking script with the sale details. The details are verified and stored in the database only if the cookie installed on the user's machine contain that specific shop unique ID number.

Example:
1. A user is browsing source.com and clicks on a product from shop.com
2. source.com installs a cookie with the ID number of shop.com ->
3. The user buys the products from shop.com
4. Shop.com checkout page outputs the following image tag:
<img 'src=http://www.source.com/track.php?order_details...' width=1 height=1>
5. track.php reads the cookie and checks the value in it, if it matches the shop's ID then it stores the sale information in the database.


NOW, the problem is that track.php can NOT read the cookie, why is that? and any ideas of how I can solve this?

I know that cookies can not be read from different domains, but here I'm actually calling track.php which is on source.com, that is the same domain which invoked and installed the cookie on the user's machine.

For some reason, even if I'm calling track.php which is on source.com, the cookie still can not be read because the image tag is on another domain.

When I tried to output the image tag on source.com, it worked.

Any ideas of out to fix this would be really appreciated ;)

Posted: Fri Mar 26, 2004 9:05 am
by Parin
third party cookies are perhaps disabled in your browser settings?

I've recently read some articles on this and it seems to me, that is not a good way to work, simply because it is too dependent on the browser settings. Most browsers disable third party cookies by default nowadays.

At least, that's how I understood it. Therefor, I am looking for a different solution, myself.

Posted: Fri Mar 26, 2004 9:27 am
by insomnia
Hi Parin,

Thank you for the reply, I agree with you, however, the fact that companies like Tradedoubler (One of the largest affiliates in Europe) are still able to get it to work with the exact structure and method mentioned in my previous message.

There must be a way to do, and it has to be done using cookies (I thought about storing IP addresses, but that's dynamic).

Posted: Fri Mar 26, 2004 10:01 am
by aleigh
I am not sure I am following this properly but I'll try.

It sounds like you want to have source.com support multiple shops each of which is identified with an id, ie,

source.com/buy?id=10

But you do not want the people to be able to just change the id from 10 to 11 and see another store.

What you do is reference an image from shop.com in the beginning that goes to source.com and sets a cookie, ie,

<IMG SRC="source.com/set_cookie.php?id=10" WIDTH=1 HEIGHT=1>

If you don't want to have the id=10 thing here source.com will have to determine the shop ID using some other mechanism; such as referer. Typically this would return a 1 pixel transparent GIF as a "do nothing" activity.

So at this point the browser is at shop.com but has a cookie from source.com which contains shop.com's ID. Later source.com can use that to identify which shop the person is from without carrying the data in form variables.

Posted: Sat Mar 27, 2004 8:38 am
by insomnia
Hi aleigh,

Not quite accurate, up to the point of source.com supporting multiple shops that's correct.

However, the hidden image link reference is ment to check what shop ID value the cookie (which was installed by source.com) contains (if there's a cookie at all).

If the ID is equal to shop.com, this means the user at some point has clicked on the "Buy" button on source.com and was redirected to shop.com, hence, the sale will be registered at source.com and shop.com will be billed for that (a comission).

So basically, in the checkout page of shop.com, the html code contains the following image tag:
<img 'src=http://www.source.com/track.php?order_details...' width=1 height=1>

track.php creates a hidden image on the fly, and the same time reads the cookie value and compares it to shop.com id, if it's equal then it stores the order details in the database.

The problem is that for some reason I'm unable to read the user's cookie value through track.php.. and I have no clue why :(