GeeCON Prague 2014*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Cookies Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Cookies" Watch "Cookies" New topic
Author

Cookies

anand phulwani
Ranch Hand

Joined: Sep 10, 2005
Posts: 242
Dear Ranchers,

I have seen that we have to iterate over the Cookie array to find the
cookie we have set,does the array contains Cookies set by other Websites too,if so ,then if we copy the Cookie, cant we use the same Cookie at other pc,please take this that the other pc has the same IP because both the pcs are behind the same proxy/NAT.


Thanks and Regards, Anand
SCJP 5.0 310-055 73%, SCWCD 1.4 310-081 78%, IBM DB2 9 Fundamentals 000-730 62%
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

I believe there is a restriction that a website can only access its own cookies.

At any rate, cookies can be copied or manipulated from the client's PC but what you are proposing sounds like it would be done from the server, which doesn't make a lot of sense. How are you proposing that a server would take a cookie from one machine's request and place it onto another machine? How would it gain access to the other machine?


A good workman is known by his tools.
anand phulwani
Ranch Hand

Joined: Sep 10, 2005
Posts: 242
Marc Thanks for the information,but i would like to get a well defined awnser,this is what i think i can do the Cookie copying With the server.

1st Case
Let say one person visits javaranch.com and xyz.com,suppose i own xyz.com.Both of them make a Cookie on the client.In a cookie we get two things one is the parameter name and the other is the value if i get these values on my server through Cookie.getName() and Cookie.getValue(),i will be able to access the Cookie value for xyz.com as well as javaranch.com on which javaranch identifies a user.i will be able to make another cookie with the same parameters for myself and use it to access javaranch,i think i would be able to access the ranch with the person Username.

2nd Case
If a Cookie is in a PC1 from javaranch.com regarding my username
and if i copy that cookie from the temporary internet files to
another PC2,then whether if anyone logs on to javaranch.com from PC2 then will it be able to access forum from my name.in this case we are accessing the same website.

This results into security issue.
the Blessed
Greenhorn

Joined: Jul 24, 2006
Posts: 1
First of all Anand ur premise of PCs having same IPs is a little flawed...
The server will see different IPs for the 2 PCs even if they are behind the same proxy.
Secondly, Cookies are set on a website basis...so the server(site A) will not be seeing any of the site B's cookies in the request....which virtually
eleminates the problem ur talking about.
anand phulwani
Ranch Hand

Joined: Sep 10, 2005
Posts: 242
Actually What i thought was,To the internet,if 2 PC are behind the same proxy,they used to go with the same ip address,may be i am wrong,

Secondly i think you just missed the second case i would like people to read the matter fully before replying

which virtually eleminates the problem ur talking about.


the second case is about the same website.
[ July 24, 2006: Message edited by: anand phulwani ]
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

But the users are not identified by IP addresses, they are identified by cookies (or URL rewriting). So the users' IP addresses, shared or not, are irrelevant.
anand phulwani
Ranch Hand

Joined: Sep 10, 2005
Posts: 242
Thanks for the information,marc.
This is what i think too,
but i was just making sure if anyone give any idea of differentiating regarding IP address,so i just tried to make that point unchallengeable.
Karthikeyan Varadarajan
Ranch Hand

Joined: Jul 04, 2002
Posts: 98
Hi Anand,

You can copy the cookies to other machines and It will surely work.

Thats what the IEs Import/Export funtion does. It just copies all the cookies in a single file while exporting. you can move the file to someother machine and import the file. You will get all the cookies in that machine.

Hope it helps.

~With Smile
VK


~With Smile<br />VK
 
GeeCON Prague 2014
 
subject: Cookies