httpd-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] How to fool a cookie with RewriteEngine
Date Thu, 13 Aug 2009 16:41:03 GMT
De Gang Thierry wrote:
> Hi all,
> 
> Is there a way in RewriteEngine to fool a cookie to read the contents of
> another domain whilst you're on another.
> 
etc..

I have not really considered the details of what you want to do, but in 
principle I would say it cannot be done, for security reasons.
If one site could set a cookie for any other site, then the site 
www.very-bad-guys.com could set a cookie that the browser would send 
later to the site www.all-angels.com, with whatever consequences.

However, two websites that are members of the same upper-level domain can 
set cookies valid for both, such as if one site is www.company.com and the 
other is anotherserver.company.com, then they both can set a cookie for 
".company.com", and the browser would send this cookie along with any 
request to any one of the two sites.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
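
The cookie scoping rules described in the reply above, as an added example that is not part of the original message: a simplified version of the RFC 6265 domain-match check, applied to the host names used in the message. The function names and the small `PUBLIC_SUFFIXES` set are assumptions made for illustration; real browsers consult the full Public Suffix List.

```javascript
// Added example: simplified RFC 6265 cookie domain rules (bare host names, no ports).
// PUBLIC_SUFFIXES is a tiny constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Canonical form: lower case, leading dot dropped (RFC 6265 section 5.2.3).
function normalize(domain) {
  return domain.trim().toLowerCase().replace(/^\./, "");
}

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3: host domain-matches cookieDomain if both are identical,
// or cookieDomain is a suffix of host on a label boundary and host is not an IP.
function domainMatches(host, cookieDomain) {
  const h = normalize(host);
  const d = normalize(cookieDomain);
  if (h === d) return true;
  return !isIpAddress(h) && h.endsWith("." + d);
}

// Would a browser store a cookie that originHost sets with this Domain attribute?
// Returns the stored scope, or null when the cookie is rejected.
function acceptSetCookie(originHost, domainAttr) {
  const host = normalize(originHost);
  if (!domainAttr) return { domain: host, hostOnly: true };
  const d = normalize(domainAttr);
  if (PUBLIC_SUFFIXES.has(d)) {
    // A public suffix such as ".com" is never a valid shared scope.
    return d === host ? { domain: host, hostOnly: true } : null;
  }
  if (!domainMatches(host, d)) return null; // Domain of an unrelated site
  return { domain: d, hostOnly: false };
}

// Would the stored cookie be attached to a request for requestHost?
function wouldSend(stored, requestHost) {
  if (stored === null) return false;
  return stored.hostOnly
    ? normalize(requestHost) === stored.domain
    : domainMatches(requestHost, stored.domain);
}
```

A cookie set without a `Domain` attribute stays host-only, so www.company.com has to set `Domain=.company.com` explicitly before anotherserver.company.com receives it.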

