WebApp Sec: Re: Cross Site Cooking

From: Michal Zalewski <lcamtuf_at_dione.ids.pl>
Date: Wed, 1 Feb 2006 11:30:09 +0100 (CET)

On Tue, 31 Jan 2006, Aman Raheja wrote:

> Both IE and Firefox have the capability to disallow the websites to set
> cookies for third party domains.

This is a wholly different function; it prevents portions of content that
are hosted elsewhere than the site / domain you're currently viewing (say,
provided by ad companies) from dropping you a cookie.

In other words, when you go to flybynight.com, and they have a banner that
needs to be fetched from pillsandpr0n.biz, Set-Cookie headers returned by
pillsandpr0n.biz will be ignored, thus making it harder for them to track
you as you browse the web.

This does not stop bork.xyzzy.example.com from setting a cookie for
frob.knob.example.com when you view that first website.

Cheers,
/mz
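The two browser rules the reply above keeps apart, modelled as an added example (not code from the original message or its author): a toy cookie jar that applies RFC 6265 domain matching to decide which hosts a Set-Cookie may target, and a separate "block third-party cookies" switch that only compares the site being viewed with the host that answered. The hostnames are the ones used in the message; the public suffix set and all traffic are constructed inline. It also goes one step past the message by rejecting a Domain attribute that is a bare public suffix, which is the check modern browsers apply.

```javascript
// Added example (not from the original message): a toy cookie jar modelling
// two separate browser rules:
//  1. RFC 6265 domain matching, which decides which hosts a Set-Cookie may
//     target (a host may only set cookies for itself or a parent domain), and
//  2. "block third-party cookies", which ignores Set-Cookie from responses whose
//     host is not the same site as the page the user is actually viewing.
// Hostnames are the ones used in the message; all traffic is constructed inline.

// Constructed, tiny stand-in for the real public suffix list.
const PUBLIC_SUFFIXES = new Set(['com', 'biz', 'co.uk']);

// RFC 6265 section 5.1.3: host domain-matches domain if they are equal, or
// host ends with "." + domain (so notexample.com does NOT match example.com).
function domainMatches(host, domain) {
  host = host.toLowerCase().replace(/\.$/, '');
  domain = domain.toLowerCase().replace(/^\./, '').replace(/\.$/, '');
  return host === domain || host.endsWith('.' + domain);
}

// Registrable domain ("site") = public suffix plus one label, e.g. example.com.
function registrableDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, '').split('.');
  for (let i = 1; i < labels.length; i++) {
    const candidate = labels.slice(i).join('.');
    if (PUBLIC_SUFFIXES.has(candidate)) return labels.slice(i - 1).join('.');
  }
  return host;
}

function sameSite(a, b) {
  return registrableDomain(a) === registrableDomain(b);
}

class CookieJar {
  constructor({ blockThirdParty = false } = {}) {
    this.blockThirdParty = blockThirdParty;
    this.cookies = []; // { name, value, domain }
  }

  // Process one Set-Cookie header returned by `responseHost` while the user is
  // viewing a page on `topHost`. Returns true if the cookie was stored.
  setCookie(topHost, responseHost, header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const [name, value] = pair.split('=');
    let domain = responseHost.toLowerCase(); // default: host-only cookie
    for (const a of attrs) {
      const [k, v] = a.split('=');
      if (k.toLowerCase() === 'domain' && v) domain = v.replace(/^\./, '').toLowerCase();
    }
    // Rule 1: the responding host must domain-match the requested Domain,
    // and the Domain must not be a bare public suffix.
    if (!domainMatches(responseHost, domain)) return false;
    if (PUBLIC_SUFFIXES.has(domain)) return false;
    // Rule 2: third-party blocking only compares the viewed site with the responder.
    if (this.blockThirdParty && !sameSite(topHost, responseHost)) return false;
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain });
    return true;
  }

  // Cookies that would be attached to a request sent to `host`.
  cookiesFor(host) {
    return this.cookies
      .filter(c => domainMatches(host, c.domain))
      .map(c => `${c.name}=${c.value}`);
  }
}

// Scenario from the message: the user views flybynight.com, whose banner is
// fetched from pillsandpr0n.biz; separately the user visits bork.xyzzy.example.com,
// which scopes a cookie to the shared parent domain example.com.
function runScenario(blockThirdParty) {
  const jar = new CookieJar({ blockThirdParty });
  const banner = jar.setCookie('flybynight.com', 'pillsandpr0n.biz', 'track=42');
  const sibling = jar.setCookie('bork.xyzzy.example.com', 'bork.xyzzy.example.com',
    'sess=evil; Domain=example.com');
  const suffix = jar.setCookie('bork.xyzzy.example.com', 'bork.xyzzy.example.com',
    'x=1; Domain=com');
  return {
    bannerStored: banner,
    siblingStored: sibling,
    bareSuffixStored: suffix,
    sentToFrob: jar.cookiesFor('frob.knob.example.com'),
  };
}

console.log('third-party cookies allowed:', runScenario(false));
console.log('third-party cookies blocked:', runScenario(true));
```

With third-party blocking on, the banner's cookie is dropped, but the cookie scoped to example.com by bork.xyzzy.example.com is still stored and is still sent to frob.knob.example.com: the blocking switch never looks at the Domain attribute, only at who was viewed versus who answered.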

Received on Feb 02 2006