[thelist] cookies

Joe Crawford jcrawford at avencom.com
Thu May 17 13:40:46 CDT 2001


sarah wrote:
> Can anyone read a cookie that was set by someone else?
> 
> Say I have a JSP site that makes a cookie. Can some
> other site (not using JSP) read the cookie made by the
> JSP site?

Part of the reason people feel "safe" to some extent with cookies is
because /theoretically/ this is not possible - part of the security
model is that the only cookies a domain can read are ones it has *set*.

	- Joe <http://artlung.com/>
--
Joe Crawford ||||||||||||||       mailto:jcrawford at avencom.com
||||||||||||||||||||||||             http://www.avencom.com
|||||||||||||||||||||||||||      Avencom: Set Your Sites Higher




More information about the thelist mailing list