No subject


Tue Nov 13 08:16:38 EST 2012


Geoffrey Myers

On Apr 26, 2013, at 4:44 PM, Phil Turmel <philip at turmel.org> wrote:

> 
> On 04/26/2013 03:29 PM, Geoffrey Myers wrote:
>> So, still wrestling with this. Scenario:
>> 
>> 1. Frame of page creates a cookie. Another frame in that page retrieves all cookies, does not see the new cookie.
>> 
>> 2. Totally separate page on another tab creates a cookie. Both frames of other tab see this cookie. 
>> 
>> Why aren't the cookies created in frame 1 seen by frame 2?
>> 
>> 2nd tab does not see the cookie created by first frame either. 
>> 
>> Cookies are not page specific. What is going on?
> 
> This isn't correct.  The 'path' component of a cookie makes it at least
> partially page-specific, and the domain of the cookie triggers many
> visibility restrictions.  Some of those are explained in the
> specification, but other restrictions have been added to browsers to
> limit cross-site hacks.
> 
> Short of letting others look at the pages in question, it will probably
> be difficult to help.   At least a trace of the request and response
> headers for each page and frame would be needed.
> 
> (I'm definitely not an expert on these topics, but I can spot some of
> the common flaws if they are staring me in the face.)
> 
> Phil
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list