This script demonstrates handling input to CGI scripts in a convenient and consistent way. All of the Form, URL, and Cookie input is processed and placed into an array. To send information to this script, use one of the following methods:

Write a Review   Add Favorite   Refer it to Friend   Report Broken Link  
Date Added: Oct 10, 2006 Hits: 0 Rating: 0.00 Votes: 0

While reading the Netscape Cookie Specification on May 6th, 1998 it occured to me that there was a vulnerabilty in their specification. By exploiting the fact that a domain with a trailing dot ('.') character is the same domain as the fully qualified domain name, and thinking recursively about their 'two dot' and 'three dot' domain sharing rules, I asked myself, what if they implemented simply dot counting without checking that there are in fact names in between the dots? In other words, would a domain name with multiple trailing dot characters be able to evade the 'two dot/three dot' limits on who they can share cookies with?

Write a Review   Add Favorite   Refer it to Friend   Report Broken Link  
Date Added: Oct 10, 2006 Hits: 0 Rating: 0.00 Votes: 0

State of mind
Since http is a stateless protocol, meaning each transaction is distinct and there is no memory from one to the next, tracking a browser through a site can be difficult at best. A user could visit a site, leave, and come back a day or a minute later, possibly from a different IP address. The site maintainer previously had no way of knowing if this was the same browser or not.

Write a Review   Add Favorite   Refer it to Friend   Report Broken Link  
Date Added: Oct 10, 2006 Hits: 0 Rating: 0.00 Votes: 0