
Is stealing cookies still worth it?



I'm wondering, since the Gmail cookie stealin' news, and the attention it brought to how and why cookies could be vulnerable, is it still worth stealing cookies? Doesn't every big site have measures taken against cookie stealing, or more specifically, cookie reuse from a different PC/OS/browser/MAC/IP?

Would you still really be able to simply log in as a certain user by using a captured cookie?


The way most websites are written is that only a unique ID is stored in the cookie, and all data regarding the session is stored on the server. Depending on how that ID is generated, it could lead to session hijacking. PHP's default session IDs are usually prone to hijacking because it doesn't automatically check the ID for validity. So, it really depends on how the site was written.

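As an added example that is not part of the original posts: a minimal Python model of the server-side checks the thread is about, where the cookie holds only a random ID and the server refuses IDs it never issued, expires idle ones, and ties each ID to the client that received it. The class name, the User-Agent binding and the 900-second timeout are assumptions for illustration, not PHP's or any particular site's code.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Server-side session table; the cookie carries only the random ID."""

    def __init__(self, idle_timeout=900):
        self._sessions = {}
        self.idle_timeout = idle_timeout  # seconds; assumed value

    @staticmethod
    def _fingerprint(user_agent):
        # Assumed binding: a hash of the User-Agent header. This is a weak
        # signal on its own; it is one check among several, not a guarantee.
        return hashlib.sha256(user_agent.encode()).hexdigest()

    def create(self, user, user_agent, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated
        self._sessions[sid] = {"user": user, "seen": now,
                               "fp": self._fingerprint(user_agent)}
        return sid

    def validate(self, sid, user_agent, now=None):
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None  # ID was never issued here: reject, never adopt it
        expired = now - rec["seen"] > self.idle_timeout
        moved = not hmac.compare_digest(rec["fp"],
                                        self._fingerprint(user_agent))
        if expired or moved:
            del self._sessions[sid]  # invalidate for every later request
            return None
        rec["seen"] = now
        return rec["user"]

    def rotate(self, sid, user_agent, now=None):
        """Swap in a fresh ID (e.g. right after login); the old one dies."""
        if self.validate(sid, user_agent, now) is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = self._sessions.pop(sid)
        return new_sid
```
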
