Is it easy or even possible for a user to create a cookie on his own and use it on a site that uses authentication with cookies?

Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.

easy enough. thanks for the quick reply

It depends on the poorly written code, but it is quite possible to spoof cookies and even steal them remotely using xss

Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.

Ok, supposing I have all the cookies I need for cookie authentication, and I'm trying to run some php scripts on one site that will read in other php-generated pages. The problem I'm getting is that the site I'm grabbing from is not recognizing their own cookies or something. I have the required cookies set on my computer for that site, and I have identical ones set on the site I'm trying to run my script on. Do I have to be trying to do this from a server, or at least a computer than can run php?

Ideas?

Are you using curl? You really should have started a new topic in the PHP forum.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.