Menu
I was wondering if there is a straightforward way of getting a user's session cookie and posting it to a page on a different site to be processed there?
707
If a diffrent site means a diffrent domain or even subdomain, the answer is no. For security reasons a cookie should not be read by other pages. And as a session cookie only contains a session ID but the actual session data is stored on the server, posting a users cookie to another site would not give you access to the users data on this page.
123
If example.com sets a cookie, then a page from example.com can have some script that reads the cookie and posts that information to whatever site it wants. So if the cookie is 'under your control', you can send it where ever. Generally, however, a session ID isn't useful except on the site where it came from (and it's probably a security hole that should be fixed if the cookie can leak information about the session). Actually, it's probably a security hole if your pages are giving out your session cookies to other sites.
However, browser security rules will (or at least should) prevent your page from trying to read cookies set by other sites.
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
