Hi
im asking if its possible to a website to steal another website cookie from the browser?
why i see only few posts on the forums although the number of posts is so much ??!!
thanks in advance.
Printable View
Hi
im asking if its possible to a website to steal another website cookie from the browser?
why i see only few posts on the forums although the number of posts is so much ??!!
thanks in advance.
If its on a subdomain.
I will answer the second question first. Basically you cannot see all the forums. Some are restricted and some are obsolete given the current site format.
As for cookies being stolen, I would say that it would be generally possible, but would depend very much on circumstances, as would the significance.
For example when I log on I get cookies from Google and Yahoo. I don't think that stealing those would be of any value to anyone?
When I browse the net I pick up cookies that I would consider to be equally valueless.
My browser is set to only retain cookies for the session and to clear them when I close it.
When I leave a site that requires a logon, I always log out to close the session. I also close my browser to clear my private data locally.
If you have closed the session then the session cookie is pretty much useless.
EDIT:
I will clarify what I am talking about. I am envisaging that I connect my dial-up or ADSL modem and connect to an ISP.
I then visit site "A" and pick up a cookie....................I then go to site "B" So that gives us the following:
1. If I have disabled all cookies then no site can set them or read (steal) them.
2. If I have specifically allowed cookies for site "A" but not "B" then "B" should not be able to read site A's cookie.
3. If I restart my browser/clear private data before visiting site "B", then once again there is nothing there to steal.
4. If site "A" has terminated my session when I left it, then it doesn't matter if site "B" can read it from my browser because it has expired, and won't be accepted anymore.
5. Where I have a secure logon and leave the session open, it should still be protected by the site as it shouldn't allow more than one active session for the same user.
thanks for reply
i mean if both sites cookies still alive not expired
can any one of them steal the cookie of the other ?
I remember some six or seven years ago...
I had found out that alot of the crappy scripts JP put on the site didn't consistently need "cookies". Alot of the junk he put up could be parced straight through a single URL. So what happend was I put up a URL in my signature that forced everyone to Neg another user.
thanks for reply
i mean if the user in logged into yahoo and enter another website
can this website steal yahoo cookie?
thanks.
If there is something completely wrong with you're browser... then yes. :D
macnux: Do some reading on the Same Origin Policy (http://en.wikipedia.org/wiki/Same_origin_policy). Essentially a website would have to violate the Same Origin Policy in order to access your cookies. Does this happen? Sure... Do some googling and you'll find lots of cases of vulnerabilities in browsers that have allowed people to bypass the policy over time.
Sites can borrow cookie information
How is possible that if one visits the weather channel enters his postal code to get the weather then the next site he goes to can guess his locality.
Try it some time, get the weather then visit some porn site and find out that single women in yourtown want to meet you.
Most ads like that sift through results in whois databases.
Shareing your browseing habbits with us though... wow, now that's class.
Please put you're pants on. We don't want to see it.
Sites can definitely NOT "borrow" cookie information... that would be the opposite of all the security models that they attempt to put in place...Quote:
Originally Posted by fourdc
As Spec mentioned, generally those ads are based on Geolocation of your IP.
I understand geolocation via IP however the instance that brought it to my attention was when I was checking the weather in another state.
Recently social interaction sites Myspace, facebook have taken the lion share of web traffic. They bumped porn from the number 1 position. For a subject that no one ever looks at, it sure has a lot of traffic.
"Adult entertainment" created the home video industry, it was the final say in the HD-DVD or Blu Ray war. It built the internet. I must not be the only one that strays from the straight and narrow.
And yes my pants are on.