Well, at its most basic level, the process of "accepting a cookie" is really nothing more than parsing the response headers you get back from the web server looking for set-cookie: headers, and then returning the same name/value pairs in a cookie: header the next time you send a request to the server. Sure, there are rules around how it is supposed to work, but it isn't hard to implement.
I can see how it would be advantageous to a bot if more and more sites these days required cookies in order to browse to all the pages. ~Brad ----- Original Message ----- From: "Wil Genovese" <[EMAIL PROTECTED]> To: "CF-Talk" <[email protected]> Sent: Friday, August 08, 2008 11:26 AM Subject: Re: SQL injection attack on House of Fusion > very few bots accept cookies. I've never actually seen one that does, > but I have read it is possible to write one that will. > > > Wil Genovese > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310548 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
