Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to "Forward" a cookie to another page

I was wondering if there is a straightforward way of getting a user's session cookie and posting it to a page on a different site to be processed there?

like image 707
Pierreten Avatar asked Nov 27 '22 19:11

Pierreten


2 Answers

If a diffrent site means a diffrent domain or even subdomain, the answer is no. For security reasons a cookie should not be read by other pages. And as a session cookie only contains a session ID but the actual session data is stored on the server, posting a users cookie to another site would not give you access to the users data on this page.

like image 123
2ndkauboy Avatar answered Dec 05 '22 00:12

2ndkauboy


If example.com sets a cookie, then a page from example.com can have some script that reads the cookie and posts that information to whatever site it wants. So if the cookie is 'under your control', you can send it where ever. Generally, however, a session ID isn't useful except on the site where it came from (and it's probably a security hole that should be fixed if the cookie can leak information about the session). Actually, it's probably a security hole if your pages are giving out your session cookies to other sites.

However, browser security rules will (or at least should) prevent your page from trying to read cookies set by other sites.

like image 27
Michael Burr Avatar answered Dec 05 '22 00:12

Michael Burr