Closed Bug 109978 Opened 23 years ago Closed 23 years ago

read cookies set by other servers

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows ME
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: wfm, Assigned: morse)

Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.5+) Gecko/20011113
BuildID:    2001111303

I was writing some perl scripts to run on my own Linux server to teach myself
about reading and setting cookies. I was testing them running a Windows laptop.

print "Content-type:text/html\n\n";
$cdata = $ENV{'HTTP_COOKIE'};
($name,$cid) = split(/=/,$cdata);
print $cdata;

I used the script extract to read a cookie from my PC, and then dislay it in the
web page. My domain name (macscan.co.uk) is and always has been hosted on a
Linux server. However, when I ran the script it gave me something like the
following: SITESERVER=ID=kuyf65yig67565ro78t95r6r87t.

I then did a search in my cookies file and found this same long key in repeated
several times, as well the word SITESERVER. If I am not wrong Site server is
some Microsoft technology, so itcouldn't have come from me.  So why was I able
to read other cookies whilst running a perl script on my own server. I have
never set any cookies with the name SITESERVER, and a web server should only be
able to read it's own cookies, surely ??

Reproducible: Always
Steps to Reproduce:
#!/usr/bin/perl -w

print "Content-type:text/html\n\n";
$cdata = $ENV{'HTTP_COOKIE'};
($name,$cid) = split(/=/,$cdata);
print $cdata;

Actual Results:  It printed out the cookie name and value of some one elses cookie.

Expected Results:  Read the cookie I was trying/failing to set.

I have since deleted all cookies with the name SITESERVER and the problems no
longer occurs.
Please attach a screen shot of your cookie-manager window.  In particular I want 
to see the cookie whose name is SITESERVER.  Select that cookie before taking 
the screenshot so we can see what the properties of that cookie are.
Reporter, please respond to my request above.  Thanks.
Marking as invalid per lack of reporter's response to my questions.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.