[thelist] cookies

John Handelaar genghis at members.evolt.org
Fri May 18 07:16:06 CDT 2001


> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Niklaus Haldimann
> Sent: 18 May 2001 12:54
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] cookies
> 
> 
> this is sort of scary. but since the domains which can exchange cookies
> (all MS's) are probably hardcoded in the browser it's not all that much
> of a security concern, is it? or is there some ie5.5 proprietary way to
> exchange cookies? does anyobdy know more about this?

If I actually own two domains, it wouldn't exactly
be rocket science to migrate cookies in this way:

1	Get values out of cookie on site A
2	Pass them in (in this case) hidden form fields to site B
3	Receiver page on site B sets new cookie 
	based on values received

Actually, the more I think about that, the worse it sounds.

------------------------------------------
John Handelaar

T +44 20 7209 4117       M +44 7930 681789
F +44 870 169 7657   E john at userfrenzy.com
------------------------------------------ 




More information about the thelist mailing list