Questions about this topic? Sign up to ask in the talk tab.

Cookies/Flags/Domain

From NetSec
Jump to: navigation, search

Domain serves the opposite purpose of Path, that is, it expands a cookie's scope beyond the FQDN that set it, to a broader domain.

Say you have a cookie that has been set by http://savitri.staff.blackhatacademy.org. By default, http://hatter.staff.blackhatacademy.org can't access it. But if the first wants to share it with the second, then by setting Domain=.staff.blackhatacademy.org, this cookie is also obtained by http://hatter.staff.blackhatacademy.org

Note that if you specify another, same-level domain (that is, http://savitri.staff.blackhatacademy.org sets a cookie with Domain=errprone.staff.blackhatacademy.org), the result is not guaranteed, as your browser might reject this cookie.

Savitri says
this is to be checked and tested extensively, as it might be an interesting vector
Retrieved from "http://nets.ec/index.php?title=Cookies/Flags/Domain&oldid=8279"