Here's the part I'm confused about:

> On 16.04.2007, at 17:01, Matt Kruse wrote:
> ...
> You can steal personal information from other sites, if users stay in  
> a cookie-based session while surfing on other pages.
> ... 

How would this work exactly?  I thought that session cookies and file
cookies are only passed by the browser in a request to a matching domain?

Or would it be something like this:

        1. Log into Washington Mutual Bank Account (20 minute session).
        2. Don't log out
        3. In same browser, visit www.hackmypc.com
        4. This new website initiates an Ajax call to WAMU, and because the
original session is still active, it works?

Is this the security flaw you are referring to?

JK
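The scenario in steps 1 to 4 is what the browser's cookie handling permits: the request is addressed to the bank's domain, so the bank's session cookie rides along no matter which page issued it. The following server-side check is an added example (not code from this thread or from any bank) showing why the cookie alone must not authorize a state-changing request; the origin `https://bank.example`, the cookie name `session` and the secret are assumed placeholders.

```python
import hmac
import hashlib
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"   # assumed origin of the cookie-issuing site
SECRET_KEY = b"server-side-secret"     # constructed placeholder, not a real key


def csrf_token_for(session_id: str) -> str:
    """Derive a per-session anti-CSRF token from a server secret.
    A page on another site holds the cookie's authority, not the cookie value,
    so it cannot compute this token for the victim's session."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_matches(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) names our own site.
    A request with neither header is treated as untrusted."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def allow_state_change(method: str, headers: dict, cookies: dict, form: dict) -> bool:
    """Decide whether a request that changes account state may proceed.
    The session cookie identifies the user; the Origin check and the token
    establish which page actually sent the request."""
    if method != "POST":
        return False                      # state changes only via POST
    session_id = cookies.get("session")
    if not session_id:
        return False                      # no session, nothing to act on
    if not origin_matches(headers):
        return False                      # request came from another site
    token = form.get("csrf_token", "")
    return hmac.compare_digest(token, csrf_token_for(session_id))


if __name__ == "__main__":
    sid = "sess-123"                      # constructed session id
    own_page = {"Origin": SITE_ORIGIN}
    other_site = {"Origin": "https://other.example"}  # constructed, stands in for step 3
    print(allow_state_change("POST", own_page, {"session": sid},
                             {"csrf_token": csrf_token_for(sid)}))   # True
    print(allow_state_change("POST", other_site, {"session": sid}, {}))  # False
```

The second call models step 4: the cookie is present, but the request fails both the origin check and the token check.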
