Re: [PHP] Re: Cross-Site Session ID Propagation

2002-07-11 Thread Richard Lynch
>>All ya gotta do is have three invisible GIFs on all three sites that come
>>from the *other* sites and the GIF does the set_cookie() of whatever their
>>user ID is.
>
>I'm not sure where you got this idea, but you should investigate
>further. A banner ad is usually nothing more than an image, a

Re: [PHP] Re: Cross-Site Session ID Propagation

2002-07-09 Thread Chris Shiflett
Richard Lynch wrote:

>Would setCookie('user_id', $PHPSESSID, 0, '/othersite.com');
>
>let you get away with setting the cookies for the "other" site?

Luckily no. :-) There are vulnerabilities in IE 4.0 - 6.0 that will let you read/write cookies not in your domain, but this is a result of a