That's what someone else on another forum and probably the essence of
what the security expert I had coffee with was saying. There seems to
be a lot of assumptions about what people want to do for a login in
these days.
On 01/02/2013 09:57 AM, Tim Mensch wrote:
The cookies wouldn't need to cross domains. If you have a "Google
Login" widget embedded in the page that's being downloaded from a
Google domain (in an iframe? Not SURE that's necessary, but it
certainly should work), that widget could look at a Google cookie and
see that it exists, and then communicate through the DOM to the web
page, telling it yes, this user has a Google login.
Tim
On 1/2/2013 10:38 AM, Brian Conrad wrote:
Cookies expired all at the same time on a number of sites? I don't
think so. Also the other day chatting with a local security expert
he confirmed it's a technique that has been around quite awhile. And
I don't think he said it involved cookies.
On 01/02/2013 07:49 AM, niko20 wrote:
Look, cookies can't cross domains, OK? So it was probably just that
your
other cookies expired.
-niko
On Monday, December 17, 2012 2:24:25 PM UTC-6, jtoolsdev wrote:
Got an answer from an IT expert who said these logins notice the
Google+
cookie and think I should be logging in that way. Dumber login code.
On 12/17/2012 09:59 AM, String wrote:
Not to mention, browsers don't allow any site to mess with cookies
from
another domain.
On Saturday, December 15, 2012 5:19:17 PM UTC-6, John Coryat wrote:
Occam's razor would point more towards a data error rather then
Google
doing something horrendously awful.
-John Coryat
--
You received this message because you are subscribed to the Google Groups "Android
Discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-discuss?hl=en.
