Is it easy or even possible for a user to create a cookie on his own and use it on a site that uses authentication with cookies?
Dominick
0
Light Poster
Recommended Answers
Jump to PostIt depends on the poorly written code, but it is quite possible to spoof cookies and even steal them remotely using xss
Jump to PostAre you using curl? You really should have started a new topic in the PHP forum.
All 5 Replies
Redshift
0
Junior Poster in Training
Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
Dominick
0
Light Poster
easy enough. thanks for the quick reply
floris
104
Junior Poster
It depends on the poorly written code, but it is quite possible to spoof cookies and even steal them remotely using xss
sowiebinich
0
Newbie Poster
Generally, the authentication Info is hashed within the cookie so in order to make a cookie you would need the password amongst other things for the account which generated it. Generally attacks using cookies are executed by using stolen cookies.
Ok, supposing I have all the cookies I need for cookie authentication, and I'm trying to run some php scripts on one site that will read in other php-generated pages. The problem I'm getting is that the site I'm grabbing from is not recognizing their own cookies or something. I have the required cookies set on my computer for that site, and I have identical ones set on the site I'm trying to run my script on. Do I have to be trying to do this from a server, or at least a computer than can run php?
Ideas?
DanceInstructor
19
Posting Whiz
Are you using curl? You really should have started a new topic in the PHP forum.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.