Cross domain secure cookie usage?
Posted
by asdasda
on Stack Overflow
See other posts from Stack Overflow
or by asdasda
Published on 2010-06-03T21:03:11Z
Indexed on
2010/06/03
21:04 UTC
Read the original article
Hit count: 179
I have a website that came with a SSL site for HTTPS but its on a different server. Example being
my website:
http://example.com
my SSL site:
http://myhostingcompany.com/~myuseraccount/
So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one.
Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user?
I think this violates a major principle of security and can't be done for good reasons, but am i wrong? is this possible?
© Stack Overflow or respective owner