The cookies wouldn't need to cross domains. If you have a "Google Login"
widget embedded in the page that's being downloaded from a Google domain
(in an iframe? Not SURE that's necessary, but it certainly should work),
that widget could look at a Google cookie and see that it exists, and
then communicate through the DOM to the web page, telling it yes, this
user has a Google login.
Tim
On 1/2/2013 10:38 AM, Brian Conrad wrote:
Cookies expired all at the same time on a number of sites? I don't
think so. Also the other day chatting with a local security expert he
confirmed it's a technique that has been around quite awhile. And I
don't think he said it involved cookies.
On 01/02/2013 07:49 AM, niko20 wrote:
Look, cookies can't cross domains, OK? So it was probably just that your
other cookies expired.
-niko
On Monday, December 17, 2012 2:24:25 PM UTC-6, jtoolsdev wrote:
Got an answer from an IT expert who said these logins notice the
Google+
cookie and think I should be logging in that way. Dumber login code.
On 12/17/2012 09:59 AM, String wrote:
Not to mention, browsers don't allow any site to mess with cookies
from
another domain.
On Saturday, December 15, 2012 5:19:17 PM UTC-6, John Coryat wrote:
Occam's razor would point more towards a data error rather then
Google
doing something horrendously awful.
-John Coryat
--
You received this message because you are subscribed to the Google Groups "Android
Discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-discuss?hl=en.
