
Cookies/Flags/Domain

From NetSec
Revision as of 07:40, 19 July 2012 by Chantal21I (Talk | contribs) (Created page with "Domain serves the opposite purpose of Path, that is, it expands a cookie's scope beyond the FQDN that set it, to a broader domain. Say you have a cookie that has been set by htt...")


Domain serves the opposite purpose of Path: where Path narrows a cookie's scope to part of one host, Domain widens it beyond the FQDN that set it to a parent domain and all of that domain's subdomains.

Say http://savitri.staff.blackhatacademy.org sets a cookie without a Domain attribute. Such a cookie is host-only, so by default http://hatter.staff.blackhatacademy.org never receives it. If the first host wants to share it with the second, it sets Domain=.staff.blackhatacademy.org (browsers following RFC 6265 ignore the leading dot); the cookie is then sent to every host under staff.blackhatacademy.org, including http://hatter.staff.blackhatacademy.org.

Note that you cannot target another host at the same level: if http://savitri.staff.blackhatacademy.org sets a cookie with Domain=errprone.staff.blackhatacademy.org, a browser following RFC 6265 ignores the cookie entirely, because the host that sets a cookie must itself domain-match the Domain attribute. The same applies to a Domain value that is a public suffix such as .org: the cookie is rejected rather than scoped to every site under that suffix.
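The following is an added example, not code from the NetSec page: a small model of the RFC 6265 rules the paragraphs above describe (Domain attribute acceptance in section 5.3, domain matching in section 5.1.3, and the send decision in section 5.4), exercised against the hostnames used on this page. The public-suffix check is a stand-in for a real Public Suffix List and only treats a bare top-level label such as "org" as a suffix; that simplification is an assumption of this example.

```javascript
// Added example (not from the NetSec page): minimal model of how an RFC 6265
// browser decides whether to store a cookie with a Domain attribute and to
// which request hosts it later sends it.

// RFC 6265 5.1.3: `host` domain-matches `domain` if they are equal, or if
// `host` ends with "." + `domain` and `host` is a host name, not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  if (!host.endsWith('.' + domain)) return false;
  return !/^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

// Stand-in for the Public Suffix List (assumption of this example): only a
// bare top-level label such as "org" or "com" counts as a public suffix.
function isPublicSuffix(domain) {
  return !domain.includes('.');
}

// RFC 6265 5.2.3 and 5.3 steps 4-7, simplified. `setterHost` is the host that
// sent Set-Cookie; `domainAttr` is the Domain attribute, if any.
// Returns the stored cookie record, or null if the browser must ignore it.
function storeCookie(setterHost, name, domainAttr) {
  setterHost = setterHost.toLowerCase();
  let domain = (domainAttr || '').toLowerCase();
  if (domain.startsWith('.')) domain = domain.slice(1); // leading dot ignored

  if (domain === '') {
    // No Domain attribute: host-only cookie, scoped to the setting host
    return { name, domain: setterHost, hostOnly: true };
  }
  if (isPublicSuffix(domain)) {
    // Domain=org and the like: rejected unless the setter *is* that suffix
    if (domain !== setterHost) return null;
    return { name, domain: setterHost, hostOnly: true };
  }
  // The setting host must domain-match the Domain attribute, so a sibling
  // host (Domain=errprone.staff...) or a narrower host is rejected outright
  if (!domainMatch(setterHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// RFC 6265 5.4 step 1: is the stored cookie sent with a request to `requestHost`?
function isSentTo(cookie, requestHost) {
  requestHost = requestHost.toLowerCase();
  if (cookie.hostOnly) return requestHost === cookie.domain;
  return domainMatch(requestHost, cookie.domain);
}

// Walk through the page's scenario (constructed hostnames from the page).
const setter = 'savitri.staff.blackhatacademy.org';
const hosts = [
  'savitri.staff.blackhatacademy.org',
  'hatter.staff.blackhatacademy.org',
  'www.blackhatacademy.org',
];
for (const attr of [undefined, '.staff.blackhatacademy.org',
                    'errprone.staff.blackhatacademy.org', 'org']) {
  const c = storeCookie(setter, 'sid', attr);
  if (c === null) {
    console.log(`Domain=${attr}: rejected by the browser`);
    continue;
  }
  const sentTo = hosts.filter((h) => isSentTo(c, h));
  console.log(`Domain=${attr}: stored as ${c.hostOnly ? 'host-only ' : ''}${c.domain}; sent to ${sentTo.join(', ')}`);
}
```

The same rules cut the other way: any host under staff.blackhatacademy.org (hatter included) can set a cookie with Domain=.staff.blackhatacademy.org, and that cookie will then be sent to savitri alongside its own, so a cookie widened with Domain is only as trustworthy as the least trusted sibling host.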

Savitri says:
This is to be checked and tested extensively, as it might be an interesting vector.