• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Cookies

 
anand phulwani
Ranch Hand
Posts: 242
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Ranchers,

I have seen that we have to iterate over the Cookie array to find the
cookie we have set,does the array contains Cookies set by other Websites too,if so ,then if we copy the Cookie, cant we use the same Cookie at other pc,please take this that the other pc has the same IP because both the pcs are behind the same proxy/NAT.
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I believe there is a restriction that a website can only access its own cookies.

At any rate, cookies can be copied or manipulated from the client's PC but what you are proposing sounds like it would be done from the server, which doesn't make a lot of sense. How are you proposing that a server would take a cookie from one machine's request and place it onto another machine? How would it gain access to the other machine?
 
anand phulwani
Ranch Hand
Posts: 242
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Marc Thanks for the information,but i would like to get a well defined awnser,this is what i think i can do the Cookie copying With the server.

1st Case
Let say one person visits javaranch.com and xyz.com,suppose i own xyz.com.Both of them make a Cookie on the client.In a cookie we get two things one is the parameter name and the other is the value if i get these values on my server through Cookie.getName() and Cookie.getValue(),i will be able to access the Cookie value for xyz.com as well as javaranch.com on which javaranch identifies a user.i will be able to make another cookie with the same parameters for myself and use it to access javaranch,i think i would be able to access the ranch with the person Username.

2nd Case
If a Cookie is in a PC1 from javaranch.com regarding my username
and if i copy that cookie from the temporary internet files to
another PC2,then whether if anyone logs on to javaranch.com from PC2 then will it be able to access forum from my name.in this case we are accessing the same website.

This results into security issue.
 
the Blessed
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First of all Anand ur premise of PCs having same IPs is a little flawed...
The server will see different IPs for the 2 PCs even if they are behind the same proxy.
Secondly, Cookies are set on a website basis...so the server(site A) will not be seeing any of the site B's cookies in the request....which virtually
eleminates the problem ur talking about.
 
anand phulwani
Ranch Hand
Posts: 242
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually What i thought was,To the internet,if 2 PC are behind the same proxy,they used to go with the same ip address,may be i am wrong,

Secondly i think you just missed the second case i would like people to read the matter fully before replying

which virtually eleminates the problem ur talking about.


the second case is about the same website.
[ July 24, 2006: Message edited by: anand phulwani ]
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But the users are not identified by IP addresses, they are identified by cookies (or URL rewriting). So the users' IP addresses, shared or not, are irrelevant.
 
anand phulwani
Ranch Hand
Posts: 242
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the information,marc.
This is what i think too,
but i was just making sure if anyone give any idea of differentiating regarding IP address,so i just tried to make that point unchallengeable.
 
Karthikeyan Varadarajan
Ranch Hand
Posts: 98
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Anand,

You can copy the cookies to other machines and It will surely work.

Thats what the IEs Import/Export funtion does. It just copies all the cookies in a single file while exporting. you can move the file to someother machine and import the file. You will get all the cookies in that machine.

Hope it helps.

~With Smile
VK
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic