1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2003
    Rep Power

    cookie security ?

    the thread may seem like a dumb n00b thread, but hey i am a n00b .
    I'm not really asking about "someone stole my credit card info through cookies".

    Here's the deal:
    I have 2 sites (different domain names) running from one server. One is SSL the other is not.
    The SSL site has a login and password, which return the user's unique id, which is stuck into a session cookie.
    This cookie is then checked at every page because every page is built based on the user's id. If it is not present, the user is redirected to the login page.
    If the id is wrong, there will be no information shown on the page.

    My question is this, can the other (non-SSL) web site see this cookie? The site has no asp or anything else, but if someone "broke into" the non-secure site, could they read the cookie from the other site?
    Last edited by mad8vskillz; January 28th, 2003 at 06:42 PM.

IMN logo majestic logo threadwatch logo seochat tools logo