informit.com — Cookies are a useful tool, but they come with a lot of potential for abuse. Not only will advertisers attempt to track your activities, but poorly designed web applications create security holes that attackers can exploit to gain access to account data. We demonstrate what can happen when a website improperly uses cookies for customer tracking.
Dec 18, 2006
josegutz, Dec 19, 2006
nO.. YOU shut up.
clueless, Dec 19, 2006
could you talk more or give some links about this "Internet Explorer's neat "secure cookie" method"?
anonnymouse, Dec 19, 2006
"I don't know if PHPBB is smart enough to limit sessions to a particular IP address"... "secure method = bind session to IP, and useragent string" Sorry, guys, it don't work that way. The IP address a web server sees is merely the nearest hop on the request forwarding path. If there are HTTP proxy servers involved, THAT'S the IP address you'll see. Plus, you can't guarantee that a user will come in through the same proxy server repeatedly. That's why the whole world started using cookies for this in the first place.
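Added example, not part of the comment above and not phpBB's code: a constructed simulation of the point that the server only sees the nearest hop. The class, the names and the documentation-range addresses are hypothetical; it counts how often an IP-and-User-Agent binding rejects the session owner and how often it accepts someone else.

```python
"""Constructed simulation: binding a session to the IP the web server sees."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    who: str         # ground truth for the simulation, invisible to the server
    peer_ip: str     # address the web server sees (the nearest hop)
    user_agent: str
    session_id: str


class IpBoundSessions:
    """Hypothetical store that pins a session to the IP and User-Agent seen at login."""

    def __init__(self):
        self._bound = {}

    def login(self, req):
        self._bound[req.session_id] = (req.peer_ip, req.user_agent)

    def accepts(self, req):
        return self._bound.get(req.session_id) == (req.peer_ip, req.user_agent)


def evaluate(login_req, later_requests):
    """Return (owner requests rejected, non-owner requests accepted)."""
    store = IpBoundSessions()
    store.login(login_req)
    owner = login_req.who
    rejected = sum(1 for r in later_requests if r.who == owner and not store.accepts(r))
    accepted = sum(1 for r in later_requests if r.who != owner and store.accepts(r))
    return rejected, accepted


UA = "Mozilla/5.0 (constructed)"
# Constructed traffic: 192.0.2.x stands in for one ISP's pool of HTTP proxies.
LOGIN = Request("alice", "192.0.2.10", UA, "s1")
TRAFFIC = [
    Request("alice", "192.0.2.10", UA, "s1"),    # same proxy as login: accepted
    Request("alice", "192.0.2.11", UA, "s1"),    # routed via another proxy: rejected
    Request("alice", "192.0.2.12", UA, "s1"),    # and another: rejected
    Request("other", "192.0.2.10", UA, "s1"),    # different person, same proxy and UA: accepted
    Request("other", "198.51.100.7", UA, "s1"),  # different network: rejected
]

if __name__ == "__main__":
    print(evaluate(LOGIN, TRAFFIC))  # (2, 1)
```

The binding produces two false rejections for the owner and still accepts one request from a different person behind the same proxy, so it neither identifies the user reliably nor replaces protecting the session cookie itself.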
yahoofrom, Dec 19, 2006
I don't use cookies. I eat 'em.
ushteam, Dec 19, 2006
HttpOnly cookies are okay, not bulletproof but okay
spanishbrowne, Dec 19, 2006
I got as far as "This content is controlled by doubleclick.net, which probably pays Informit.com (or a partner) to insert their ad at the top of the pages content." For someone who is supposedly an expert on cookies, I would assume they have at least a basic grasp on the concept of 3rd Party ad serving.... I can only assume the rest of the article is as ill-informed
hippymick, Dec 20, 2006
thread getting old .+3 ......so.... https://addons.mozilla.org/firefox/2497/ thnx for info Diggers, I've used loads of links myself
ushteam, Dec 20, 2006
@mtoigo: this is what is actually done by php for example, the session id is stored in the cookie while the session data is serialized in a flat file