Cookies - Detection

MDW

Say I've got a site - www.mysite.com - that uses cookies
to store data. Is there any way for someone from another
site - www.imahacker.com - to create a cookie on a client
machine that www.mysite.com would think it owns?

Or could someone who knows how cookies work use Notepad
and create a facsimile cookie that www.mysite.com would be
fooled into thinking it created?

Just a theoretical question, really...
 
mechweb

You are indeed able to specify the domain at which a cookie is set. So, if a
person surfs to imahacker.com, that site can put a cookie on their system
with a domain of mysite.com.
 
Aaron Bertrand - MVP

> You are indeed able to specify the domain at which a cookie is set. So, if a
> person surfs to imahacker.com, that site can put a cookie on their system
> with a domain of mysite.com.

This sounds like a very theoretical assertion. Have you actually tried
this? I have, and it doesn't work... even if it did, it's working the wrong
way around... for a site like imahacker.com to get any useful information
from the user, www.legitimatesite.com would have to knowingly and
intentionally create an "imahacker.com" cookie...
 
mechweb

It's the other way around. In a test, I have set a cookie for site B in site
A. What this has the potential to do is set cookies for another site, thus
screwing with the user's normal data. I am not a fan of cookies, and found
this glaring hole some time back. It does have some use for failover setups,
but I am not a fan of it.
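
The Domain-attribute check that the thread is arguing about, as browsers following RFC 6265 (sections 5.1.3 and 5.3) apply it. This is an added example, not part of any post above; the function names and the host failover.mysite.com are constructed for illustration, and Public Suffix List and IP-address handling are left out.

```javascript
// Added example: simplified model of the RFC 6265 Domain-attribute check.
// Omitted: Public Suffix List lookup (browsers refuse Domain=com or Domain=co.uk)
// and the special handling of IP-address hosts.

// RFC 6265 5.1.3: host domain-matches cookieDomain when the two are identical
// or host ends with "." + cookieDomain.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// What a browser does with a Set-Cookie received in a response from requestHost.
// domainAttr is the Domain attribute value, or null when the attribute is absent.
function evaluateSetCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (domainAttr === null || domainAttr === "") {
    // No Domain attribute: host-only cookie, returned to this exact host only.
    return { accepted: true, domain: host, hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  if (!domainMatches(host, domain)) {
    // RFC 6265 5.3 step 6: ignore the cookie entirely.
    return { accepted: false, reason: host + " does not domain-match " + domain };
  }
  return { accepted: true, domain: domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for targetHost?
function sentTo(cookie, targetHost) {
  if (!cookie.accepted) return false;
  const target = targetHost.toLowerCase();
  return cookie.hostOnly ? target === cookie.domain : domainMatches(target, cookie.domain);
}

// Constructed cases: [host that sends Set-Cookie, Domain attribute]
const cases = [
  ["www.imahacker.com", "mysite.com"],   // unrelated site: rejected
  ["failover.mysite.com", "mysite.com"], // sibling host: accepted, shared with www
  ["www.mysite.com", null],              // host-only: not shared with siblings
];
for (const [host, attr] of cases) {
  const c = evaluateSetCookie(host, attr);
  console.log(host, "Domain=" + attr, "->", c.accepted ? "stored" : "ignored",
    "| sent to www.mysite.com:", sentTo(c, "www.mysite.com"));
}
```

The second case is why a site that trusts cookie contents should not assume every host under its registrable domain is equally trustworthy: any of them can set a cookie that www.mysite.com will receive.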
 
