Cross domain secure cookie usage?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by asdasda on Stack Overflow See other posts from Stack Overflow or by asdasda
Published on 2010-06-03T21:03:11Z Indexed on 2010/06/03 21:04 UTC
Read the original article Hit count: 171

Filed under:
|
|

I have a website that came with a SSL site for HTTPS but its on a different server. Example being

my website:

http://example.com

my SSL site:

http://myhostingcompany.com/~myuseraccount/

So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one.

Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user?

I think this violates a major principle of security and can't be done for good reasons, but am i wrong? is this possible?

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about security

Related posts about session

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle