Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does Opera copy Chrome cookies

I've installed Opera in my PC just to do some web development tests. Before installing, we are asked if we want to copy some stuff (Cookies, history, passwords, etc) from the default browser (which is Chrome in my machine).

I didn't change anything and after the installation Opera was launched. I got scared, amazed and a mix of emotions filled my body when I saw that the system that I'm developing had my user logged in. So I decided to see if other websites had this same behavior.

For my surprise, Facebook, Gmail, Github, all sites were with my user logged in.

Isn't it a huge security flaw?

How does Opera copy it? Because the copy itself should not keep the users logged.

By the way, which is the advantage of copying cookies? I just can see it as a security failure.

like image 260
Victor Leal Avatar asked Sep 28 '16 13:09

Victor Leal


1 Answers

If you install software on your computer, the installer/installed software can read other files installed on your computer. Chrome stores history, cookies, etc as files on your computer.

Note that mobile operating systems like Android behave differently.

Isn't it a huge security flaw?

No. It just means that software you have authorized to run on your behalf can read files you own. If you don't want it to read files, don't install it, or install it as another user.

which is the advantage of copying cookies?

It lets you keep your logins to Facebook, or say remember your preferred language or other settings on web sites.

Because the copy itself should not keep the users logged

Authentication cookies should be session cookies, i.e. not stored to disk. It is more likely that you copied your "remember me" cookies to Opera, and it used that to login instead.

like image 166
Neil McGuigan Avatar answered Oct 23 '22 00:10

Neil McGuigan