[ajug-members] Cookie question
Dean H. Saxe
dean at fullfrontalnerdity.com
Thu Jul 6 09:45:30 EDT 2006
Cookies are only sent to the site from which they have originated.
So a cookie set with the domain ".fullfrontalnerdity.com" will go to
any host in the fullfrontalnerdity.com domain, but not the foo.com
domain. In other words, you don't have to do anything. Now, if you
have cross-site scripting vulnerabilities, then anyone could steal
the contents of the cookies, but that's another discussion...
-dhs
Dean H. Saxe, CISSP, CEH
dean at fullfrontalnerdity.com
"I have always strenuously supported the right of every man to his
own opinion, however different that opinion might be to mine. He who
denies another this right makes a slave of himself to his present
opinion, because he precludes himself the right of changing it."
-- Thomas Paine, 1783
Find out about my Hike for Discovery at www.fullfrontalnerdity.com/hfd
On Jul 6, 2006, at 9:30 AM, James Thomas wrote:
> Hi Team,
>
> We are currently using 1st party cookies to track certain
> information about our customers, however, we have a third party
> business partner that creates and tracks other data about our users
> for us as well. We want to restrict access to our third party to
> only the cookies they are concerned with and not all of the cookies
> in the domain. What is the best way to accomplish this? This is a
> CF5 soon to be Java web app.
>
> Any thoughts?
> _______________________________________________
> ajug-members mailing list
> ajug-members at ajug.org
> http://www.ajug.org/mailman/listinfo/ajug-members
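
The domain scoping described in the reply above, as an added example that is not part of the original thread: a simplified model of the RFC 6265 domain-match rule showing which cookies a browser attaches to a request for a given host, and which of those page script can read. The `www.` and `partner.` host names, the cookie names, and the function names are constructed for illustration; Path, Secure and expiry handling are left out.

```javascript
// RFC 6265 section 5.1.3 domain-match (simplified): does the request host
// fall inside the cookie's Domain attribute?
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (h === d) return true;
  // IP addresses never suffix-match; only exact equality applies to them.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  // The suffix must start at a label boundary, hence the "." prefix.
  return !isIp && h.endsWith("." + d);
}

// Names of the cookies a browser would attach to a request for `host`.
// A cookie set without a Domain attribute is host-only: exact host match only.
function cookiesSentTo(host, jar) {
  return jar
    .filter(c => (c.hostOnly
      ? host.toLowerCase() === c.domain.toLowerCase()
      : domainMatch(host, c.domain)))
    .map(c => c.name);
}

// Names of the cookies that script running on `host` can read through
// document.cookie. HttpOnly cookies are still sent but are hidden from script.
function readableByScript(host, jar) {
  const sent = new Set(cookiesSentTo(host, jar));
  return jar.filter(c => sent.has(c.name) && !c.httpOnly).map(c => c.name);
}

// Constructed sample jar (hypothetical cookie names and hosts).
const jar = [
  { name: "session", domain: "www.fullfrontalnerdity.com", hostOnly: true, httpOnly: true },
  { name: "prefs", domain: ".fullfrontalnerdity.com", hostOnly: false, httpOnly: false },
  { name: "partner_id", domain: "partner.fullfrontalnerdity.com", hostOnly: true, httpOnly: false },
];

for (const host of [
  "www.fullfrontalnerdity.com",
  "partner.fullfrontalnerdity.com",
  "notfullfrontalnerdity.com", // shares the text suffix but not the label boundary
  "foo.com",
]) {
  console.log(host, "receives", cookiesSentTo(host, jar), "script-readable", readableByScript(host, jar));
}
```

In this model the domain-wide `prefs` cookie reaches every host under the domain, while the host-only cookies stay with the host that set them.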