[ajug-members] Cookie question
Robert Watkins
rwatkins at foo-bar.org
Thu Jul 6 09:44:54 EDT 2006
I would approach the problem from the standpoint of any security issue.
You can try to deny the third party access to the cookies and/or you can
try to deny them access to the information stored in the cookies. While
doing both would of course be the best approach, my guess is that, with
cookies in a single domain, the former could be difficult (although
there may well be some cookie trick I'm not aware of). As such, I would
let them see the cookies, but encrypt the data in the cookies so that
it's of no consequence that they have access to the cookies. I would
imagine if the data is so important to the third party that they would
go to the trouble of trying to decrypt the cookies, they would also
figure out a way to get around whatever means there might be of hiding
the cookies from them in the first place.
-- Robert Watkins
On Thu, 6 Jul 2006, James Thomas wrote:
> Hi Team,
>
> We are currently using 1st party cookies to track certain information about
> our customers, however, we have a third party business partner that creates
> and tracks other data about our users for us as well. We want to restrict
> access to our third party to only the cookies they are concerned with and
> not all of the cookies in the domain. What is the best way to accomplish
> this? This is a CF5 soon to be Java web app.
>
> Any thoughts?
>