Cross domain secure cookie usage?

Posted by asdasda on Stack Overflow See other posts from Stack Overflow or by asdasda
Published on 2010-06-03T21:03:11Z Indexed on 2010/06/03 21:04 UTC
Read the original article Hit count: 179

Filed under:
|
|

I have a website that came with a SSL site for HTTPS but its on a different server. Example being

my website:

http://example.com

my SSL site:

http://myhostingcompany.com/~myuseraccount/

So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one.

Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user?

I think this violates a major principle of security and can't be done for good reasons, but am i wrong? is this possible?

© Stack Overflow or respective owner

Related posts about security

Related posts about session