Re: Setting cookies for other domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Scott Haneda <lists@xxxxxxxxxx> writes:

> Cross domain cookies are indeed possible, look at microsoft.com, msn.com and
> msnbc.com which indeed do share your cookies from one site to the next,
> however, they do it by redirects and get/post methods, which is perfectly
> legit since they control those domains.  No one outside someone with access
> to those servers could implement it.

I might be wrong on this analysis, but here is how I think the MSN
thing works

- When you go to hotmail.com, it redirects you to login.passport.com

- If you do not have your cookie (from the passport.com domain), which
  identifies you as a valid MSN network user, you are asked to sign
  in.  After successful sign on, your browser gets a passport cookie.

- The passport now redirects you to the hotmail.com and it passes your
  user information using the url.  I think it passes some sort of
  session id.  Since in the background, passport and hotmail share the
  same database, hotmail can check on a user's authentication based on
  the session id passed in the URL.  

- The same thing happens when you go to msnbc.com.  You are first
  redirected to passport.com and your passport.com's cookie is
  examined.

Thus, even though you think that msn, hotmail and msnbc are sharing
the same cookie, they are not.  It is the passport.com that is doing
the dirty work of setting and examining the cookie.

-- 
Raj Shekhar                          Y!   : Operations Engineer
MySQL DBA, programmer and  slacker   Y!IM : lunatech3007
home : http://rajshekhar.net         blog : http://rajshekhar.net/blog/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux