David E. Ross wrote:
On 9/12/2016 2:16 PM, Paul B. Gallagher wrote:
But if cookies.sqlite is marked "read-only," how can a site set a
cookie, even if it's an approved site? I mean, the definition of "set a
cookie" includes "modify cookies.sqlite," does it not? Confusinger and
confusinger...
Do bank sites really work with stale cookies from previous visits?
Sounds like a great way for hackers to impersonate you -- just spoof
your cookie from a previous session.
Two profiles, each with its own file named cookies.sqlite:
(1) Profile for general Web surfing -- The file cookies.sqlite is
marked "read only". When a Web server sends a cookie along with the
HTML of a Web page, that cookie sits in the the browser's (SeaMonkey or
Firefox) memory. It does not get written to the on-disc file until
either the memory space for cookies is filled or (more likely) the
browser is terminated.
Aha! I didn't realize SM could hold cookies in memory without writing
them to disk and still have them work.
I'm still not clear on how they can be written to a read-only file under
any conditions (e.g., "when the cookie memory space is filled or the
browser is terminated"). AFAIK, "read-only" means "read-only."
--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
