[thelist] cookies
John Handelaar
genghis at members.evolt.org
Fri May 18 05:28:30 CDT 2001
> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Joe Crawford
> Sent: 17 May 2001 19:41
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] cookies
>
>
> sarah wrote:
> > Can anyone read a cookie that was set by someone else?
> >
> > Say I have a JSP site that makes a cookie. Can some
> > other site (not using JSP) read the cookie made by the
> > JSP site?
>
> Part of the reason people feel "safe" to some extent with cookies is
> because /theoretically/ this is not possible - part of the security
> model is that the only cookies a domain can read are ones it has *set*.
You may be interested to hear that outside the
US, the VERY FIRST THING that IE5.5 does is start
migrating cookies across multiple MS and MSN
domains.
Proof?
http://www.userfrenzy.com/sinister.jpg
------------------------------------------
John Handelaar
T +44 20 7209 4117 M +44 7930 681789
F +44 870 169 7657 E john at userfrenzy.com
------------------------------------------
More information about the thelist
mailing list