Thanks Curt, Chris and Ed,

It is indeed the disabling of third-party cookies that is causing this 
behaviour in I.E. :) 

So thanks for all the help :) 

Thanks.
Saqib Ali
http://validate.sf.net <<< XHTML/DocBook XML Validator and Transformer




"Ed Lazor" <[EMAIL PROTECTED]> 
08/16/2004 04:57 PM

To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>
Subject: RE: [PHP] CSRF attack not possible in I.E. 6.01 SP1?






> -----Original Message-----
> However a CSRF attack is NOT trying to access a third party cookie.
> 
> The web browser makes the same GET request whether it is using <img/> TAG
> or the user clicking on a link. So in either case the cookies are in the
> context of the website to which the cookies belong.

I think Curt was correct actually.  Hopefully the test I sent earlier can
confirm or at least cross-reference this.

-Ed

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

