[ajug-members] Cookie question
Gino Marotta
Gino.Marotta at digitalinsight.com
Thu Jul 6 10:32:26 EDT 2006
Good answer. :) I wanted to respond with that ... but the sheer fact
that someone was actually asking that question made me question what I
knew to be true. *sigh*
-----Original Message-----
From: ajug-members-bounces at ajug.org
[mailto:ajug-members-bounces at ajug.org] On Behalf Of Dean H. Saxe
Sent: Thursday, July 06, 2006 10:23 AM
To: General AJUG membership forum (100-200 messages/month)
Subject: Re: [ajug-members] Cookie question
All cookies follow this model.
-dhs
Dean H. Saxe, CISSP, CEH
dean at fullfrontalnerdity.com
"What is objectionable, what is dangerous about extremists is not that
they are extreme, but that they are intolerant."
-- Robert F. Kennedy, 1964
Find out about my Hike for Discovery at www.fullfrontalnerdity.com/hfd
On Jul 6, 2006, at 10:14 AM, James Thomas wrote:
> Would this be the case for both 1st party and third party cookies?
>
> On 7/6/06, Dean H. Saxe <dean at fullfrontalnerdity.com > wrote:Cookies
> are only sent to the site from which they have originated.
> So a cookie set with the domain ".fullfrontalnerdity.com" will go to
> any host in the fullfrontalnerdity.com domain, but not the foo.com
> domain. In other words, you don't have to do anything. Now, if you
> have cross-site scripting vulnerabilities, then anyone could steal the
> contents of the cookies, but that's another discussion...
>
> -dhs
>
> Dean H. Saxe, CISSP, CEH
> dean at fullfrontalnerdity.com
> "I have always strenuously supported the right of every man to his own
> opinion, however different that opinion might be to mine. He who
> denies another this right makes a slave of himself to his present
> opinion, because he precludes himself the right of changing it."
> -- Thomas Paine, 1783
>
> Find out about my Hike for Discovery at www.fullfrontalnerdity.com/hfd
>
>
>
> On Jul 6, 2006, at 9:30 AM, James Thomas wrote:
>
> > Hi Team,
> >
> > We are currently using 1st party cookies to track certain
> > information about our customers, however, we have a third party
> > business partner that creates and tracks other data about our users
> > for us as well. We want to restrict access to our third party to
> > only the cookies they are concerned with and not all of the cookies
> > in the domain. What is the best way to accomplish this? This is a
> > CF5 soon to be Java web app.
> >
> > Any thoughts?
> > _______________________________________________
> > ajug-members mailing list
> > ajug-members at ajug.org
> > http://www.ajug.org/mailman/listinfo/ajug-members
>
> _______________________________________________
> ajug-members mailing list
> ajug-members at ajug.org
> http://www.ajug.org/mailman/listinfo/ajug-members
>
> _______________________________________________
> ajug-members mailing list
> ajug-members at ajug.org
> http://www.ajug.org/mailman/listinfo/ajug-members
_______________________________________________
ajug-members mailing list
ajug-members at ajug.org
http://www.ajug.org/mailman/listinfo/ajug-members
More information about the ajug-members
mailing list