
How to "Forward" a cookie to another page

Developer https://www.devze.com 2023-01-03 17:40 Source: web

I was wondering if there is a straightforward way of getting a user's session cookie and posting it to a page on a different site to be processed there?


If a different site means a different domain or even subdomain, the answer is no. For security reasons a cookie should not be read by other pages. And as a session cookie only contains a session ID but the actual session data is stored on the server, posting a user's cookie to another site would not give you access to the user's data on this page.


If example.com sets a cookie, then a page from example.com can have some script that reads the cookie and posts that information to whatever site it wants. So if the cookie is 'under your control', you can send it wherever. Generally, however, a session ID isn't useful except on the site where it came from (and it's probably a security hole that should be fixed if the cookie can leak information about the session). Actually, it's probably a security hole if your pages are giving out your session cookies to other sites.

However, browser security rules will (or at least should) prevent your page from trying to read cookies set by other sites.
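
The scoping rules these answers describe, as an added example that is not part of the original thread: a simplified model of RFC 6265 domain matching and the HttpOnly flag, showing which hosts get a cookie back and whether page script can read it. The function names, hosts and cookie values are constructed for illustration; path, expiry, Secure, SameSite and public-suffix checks are left out.

```javascript
// Added example: simplified RFC 6265 cookie scoping. Hosts and values are constructed.

// RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Parse a Set-Cookie header received from requestHost.
// Returns null when the browser would reject it (Domain names another site).
function parseSetCookie(header, requestHost) {
  const host = requestHost.toLowerCase();
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: host,
    hostOnly: true, // no Domain attribute: only the exact host gets it back
    httpOnly: false,
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'domain' && val) {
      const domain = val.replace(/^\./, '').toLowerCase();
      if (!domainMatch(host, domain)) return null;
      cookie.domain = domain;
      cookie.hostOnly = false;
    } else if (key.toLowerCase() === 'httponly') {
      cookie.httpOnly = true;
    }
  }
  return cookie;
}

// Would the browser attach this cookie to a request for host?
function sentTo(cookie, host) {
  const h = host.toLowerCase();
  return cookie.hostOnly ? h === cookie.domain : domainMatch(h, cookie.domain);
}

// Could script on a page served from host see it in document.cookie?
function readableByScript(cookie, host) {
  return sentTo(cookie, host) && !cookie.httpOnly;
}

// Constructed sample: a session cookie set by www.example.com.
const sample = parseSetCookie('sid=abc123; Path=/; HttpOnly', 'www.example.com');
console.log(['www.example.com', 'shop.example.com', 'example.org']
  .map((h) => `${h}: sent=${sentTo(sample, h)} script=${readableByScript(sample, h)}`));
```

A session cookie set without a Domain attribute and with HttpOnly stays on the exact host that issued it and never appears in `document.cookie`, which is the configuration that keeps a page script from handing it to another site.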


Straight answer, if they are different domains, then no. If they are on the same domain, then set the cookie path to "\" and you should be set. In any case, I think it's still worthwhile to check out a technique called web beaconing and see if you can adapt any part of that method to suit your needs, should you be dealing with different domains (hope not).

http://en.wikipedia.org/wiki/Web_bug


http://www.webmaster-talk.com/javascript-forum/183163-redirect-different-page-if-no-cookie.html

This will help you.


Like Kau-Boy said:

If a different site means a different domain or even subdomain, the answer is no.

This is due to the SSH Secure Shell. To do it, you would be going against everything (almost) that the SSH Secure Shell does for the internet. You would have to play with some low level protocols to get all the private keys and such. If these were your servers, this might be possible; but very bug prone because these handshakes (like most) are designed to not happen the same way twice.

In a nutshell: very hard, chances of actually pulling it off: low ... what are you waiting for?
