read cookies set by other servers




Networking: Cookies
16 years ago
16 years ago


(Reporter: Will Macdonald, Assigned: Stephen P. Morse)


Windows ME

Firefox Tracking Flags

(Not tracked)




16 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.5+) Gecko/20011113
BuildID:    2001111303

I was writing some perl scripts to run on my own Linux server to teach myself
about reading and setting cookies. I was testing them running a Windows laptop.

print "Content-type:text/html\n\n";
$cdata = $ENV{'HTTP_COOKIE'};
($name,$cid) = split(/=/,$cdata);
print $cdata;

I used the script extract to read a cookie from my PC, and then dislay it in the
web page. My domain name ( is and always has been hosted on a
Linux server. However, when I ran the script it gave me something like the
following: SITESERVER=ID=kuyf65yig67565ro78t95r6r87t.

I then did a search in my cookies file and found this same long key in repeated
several times, as well the word SITESERVER. If I am not wrong Site server is
some Microsoft technology, so itcouldn't have come from me.  So why was I able
to read other cookies whilst running a perl script on my own server. I have
never set any cookies with the name SITESERVER, and a web server should only be
able to read it's own cookies, surely ??

Reproducible: Always
Steps to Reproduce:
#!/usr/bin/perl -w

print "Content-type:text/html\n\n";
$cdata = $ENV{'HTTP_COOKIE'};
($name,$cid) = split(/=/,$cdata);
print $cdata;

Actual Results:  It printed out the cookie name and value of some one elses cookie.

Expected Results:  Read the cookie I was trying/failing to set.

I have since deleted all cookies with the name SITESERVER and the problems no
longer occurs.

Comment 1

16 years ago
Please attach a screen shot of your cookie-manager window.  In particular I want 
to see the cookie whose name is SITESERVER.  Select that cookie before taking 
the screenshot so we can see what the properties of that cookie are.

Comment 2

16 years ago
Reporter, please respond to my request above.  Thanks.

Comment 3

16 years ago
Marking as invalid per lack of reporter's response to my questions.
Last Resolved: 16 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.