Ok, I'm not saying it can't be done, but it would be very difficult. When a user comes to a site and the site places a cookie (one with an expire date), the site server really doesn't have control of the cookie; it just sends the Set-Cookie: HTTP header, which is a request to have the browser/client place it into the cookie jar created by the browser, not the requesting server.
This cookie is keyed to that site and no other site can read that cookie because it has no control of the file the client browser is referencing, so another site can't read that cookie, just the one the client assigns to that site. There is a way to make a cookie cross domains through the DOMAIN attribute, but that is only if the originator sets that up. So if you go to a site and it drops a tracking cookie on you that allows Site-B to view the cookies entered in the Cookie Jar from Site-A. Site-A has to create the cookie, so Site-A has to be involved to allow Site-B to see the cookie info.

So, session cookies would be, like Scott said, almost impossible to glean info from because they reside in a Virtual Cookie Jar.

Ben Johansen - http://www.pcforge.com
Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm
Authorized MDaemon Mail Server Reseller http://www.pcforge.com/AltN.htm

-----Original Message-----
From: Nicholas Froome [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 6:05 AM
To: [EMAIL PROTECTED]
Subject: RE: Witango-Talk: cookies

This is the longest thread I've seen on this list re Cookies, and very welcome it is too.

Many sites authenticate you when you return by reading cookies set during a previous visit. If this cookie is readable by other sites when you visit those sites, isn't this data vulnerable?

Amazon, for one, knows your name when you return, because they've linked your account to your cookie. I don't know if they allow you to purchase things without further authentication but, if they did, details of your cookie would give someone access to your account.

How are other developers dealing with this? Is this an issue we should consider?

________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
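
The cookie scoping discussed in this thread, as an added example that is not part of the original messages: a minimal model of the RFC 6265 domain-matching rules a browser applies when it stores a cookie and when it decides which hosts get it back. The class, function and host names are constructed for illustration, and Path, Secure, expiry and the public-suffix check are left out.

```javascript
// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // A suffix match only counts on a label boundary and never for IP literals.
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }
  // Process a Set-Cookie header received from `originHost`.
  // Returns true if stored, false if the browser would ignore it.
  setCookie(originHost, header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return false;
    const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                     domain: originHost.toLowerCase(), hostOnly: true };
    for (const attr of attrs) {
      const [k, v = ''] = attr.split('=');
      if (k.trim().toLowerCase() === 'domain' && v.trim()) {
        const d = v.trim().replace(/^\./, '').toLowerCase();
        // The origin must itself fall under the requested Domain,
        // otherwise the whole cookie is dropped (section 5.3).
        if (!domainMatch(originHost, d)) return false;
        cookie.domain = d; cookie.hostOnly = false;
      }
    }
    this.cookies.push(cookie);
    return true;
  }
  // Value of the Cookie request header the browser sends to `requestHost`.
  cookieHeaderFor(requestHost) {
    const h = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
      .map(c => `${c.name}=${c.value}`).join('; ');
  }
}

// Constructed scenario: three Set-Cookie headers arriving from www.site-a.example.
function demo() {
  const jar = new CookieJar();
  jar.setCookie('www.site-a.example', 'sid=abc123');                      // host-only
  jar.setCookie('www.site-a.example', 'track=t1; Domain=site-a.example'); // subdomains too
  const rejected = !jar.setCookie('www.site-a.example', 'x=1; Domain=site-b.example');
  const [www, shop, other] = ['www.site-a.example', 'shop.site-a.example',
    'www.site-b.example'].map(h => jar.cookieHeaderFor(h));
  return { rejected, www, shop, other };
}
```

The session identifier set without a Domain attribute goes back only to the exact host that set it, the Domain-scoped cookie also reaches sibling subdomains, and nothing in the jar is sent to the unrelated host.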
