[thelist] cookies
John Handelaar
genghis at members.evolt.org
Fri May 18 07:16:06 CDT 2001
> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Niklaus Haldimann
> Sent: 18 May 2001 12:54
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] cookies
>
>
> this is sort of scary. but since the domains which can exchange cookies
> (all MS's) are probably hardcoded in the browser it's not all that much
> of a security concern, is it? or is there some ie5.5 proprietary way to
> exchange cookies? does anyobdy know more about this?
If I actually own two domains, it wouldn't exactly
be rocket science to migrate cookies in this way:
1 Get values out of cookie on site A
2 Pass them in (in this case) hidden form fields to site B
3 Receiver page on site B sets new cookie
based on values received
Actually, the more I think about that, the worse it sounds.
------------------------------------------
John Handelaar
T +44 20 7209 4117 M +44 7930 681789
F +44 870 169 7657 E john at userfrenzy.com
------------------------------------------
More information about the thelist
mailing list