sessions and cookies gone wild

here is what I see in FF and IE

FF:
site A is opened, which includes a script on site B. The script sets a cookie, reads it and outputs it into page A.
after clicking a link to site B on site A the page on site B reads the cookie and displays it. All good and well...

IE:
Same process, but the cookie content is not showing up.

In IE7 the cookie handling has to be changed in the security options in order to get this to work (i.e. 3rd party cookies have to be accepted) but even with this option changed it still works different in IE:
When site A is opened the cookie is set for site B, but when trying to display the cookie content nothing shows up. Clicking the link to site B, the page does show the cookie content. After refreshing the page on site A the cookie shows.

In either case the setcookie doesn't give any error.

So here is what I need: a script on site B is running when accessing a page on site A. The script sets a cookie and has to know if the cookie was set successfully. Reading the cookie right after setting it doesn't seem to work in IE7, all works fine in FF though...

As far as I know sessions and cookies are the only way to reliably track a visitor right? 

This works only if you lower the security settings of IE, since you make sites for others (you didn't came in touch) you need a different method

yes, the question is: is there a different method? The only way I can think of is to log the referrer, IP and user agent but obviously this is not going to uniquely identify a visitor in case of proxy use.

yes, the question is: is there a different method? The only way I can think of is to log the referrer, IP and user agent but obviously this is not going to uniquely identify a visitor in case of proxy use.

 

store the session in the database and request the info from the other site via curl

that is not possible, I have no control over what goes on on site A. The only thing that is added is a link and image:

Code:

<a href="http://www.siteB.com/click/12345/1/"><img src="http://www.siteB.com/image/12345/1/" /></a>

where /12345/1/ is static. The img src is not really an image, but a php script that outputs an image. When the visitor clicks on the link he has to be redirected to the correct URL that corresponds to the random image that was served to him before.

sounds not really safe

[Join us @ facebook]

The ip is enough for what you are trying to do (a statistics service, right?)

With the cookie, you wont win anything as the cookie wont be available if the user switch to a proxy anyway.

Now if you want to do this with cookies anyway, you could consider using javascript instead of <img>

I think it is safer (it will be anyway safer for your server's overhead)

actually the whole point is to not use javascript and it's not for statistics

What I'm trying to do is show ads when javascript is disabled. My php script will check the page content and match it with available ads. The ads are then shown as an image created by the script. The trick is to send the visitor to the correct site after clicking the image ad, so I have to somehow keep track of which image has been served to which visitor.

[Join us @ facebook]

In that case you can do one of these:

1) Creating the link, with an id mark that will help you understand where to redirect the user (I guess that's hard if you are going to use it on multiple sites)

2) Use Iframe to create those ads

yes, since it will be used on multiple sites the link will not be created dynamically. The link will always be to www.adserver.com/publisherID/

What about the iFrame, do the sessions work correctly within them?

[Join us @ facebook]

With iframe I think the sessions work, but in any way you will be able to create dynamic links this way

[Guest]

[62.885]

Googlebot, Yahoo crawler