Re: session riding

From: Eero Saynatkari <ruby-forum-reg@xxxxxxxxxxxxxx>
Date: Thu, 29 Dec 2005 10:51:00 +0900

Chad Layton wrote:
> When a user browses my script I'd like to grab a session cookie from the
> browser, then use that cookie to request html from a site the user has
> already logged in to. I've been struggling with this for a few days now,
> is it even possible? It seems like it should be but I can think of a
> couple of Bad Things one could do with it.
>
> Anyways, my intentions are benign. I'd like to do some screen scraping
> from a site that requires a login but I dont want to force people to
> trust me with their information (at least sessions expire).

A normal browser will only send you cookies in the same
domain as the request, so this is likely not possible.

E

--
Posted via http://www.ruby-forum.com/.

.

References:
- session riding
  - From: Chad Layton

Prev by Date: Re: What is the difference between :foo and "foo" ?
Next by Date: Re: get mixin's name
Previous by thread: session riding
Index(es):
- Date
- Thread

Relevant Pages

Re: How to share session with IE
... my browser module if necessary. ... program can load the cookies from your real browser's cookie store ... "need to login" condition, and react accordingly. ... Another option instead of making your program run through a series of clicks and text inputs, which is difficult to program, is to browse the html source until you find the name of the script that processes the login, and use python to request the page with the necessary form fields encoded in the request. ...
(comp.lang.python)
Re: set cookie in nusoap web service, IE behaves diff than Firefox
... > browser as the first output. ... > Works fine in IE6 and the service returns the state of the cookie in the ... it rather implies that $this->headers refers to the headers sent ... I don't think 'Content-Type' is required in the request. ...
(comp.lang.php)
Re: ADFS Token Auth clarification
... cookie is a session cookie, ... Session cookies are shared across a browser process. ... Windows opened by that process. ...
(microsoft.public.windows.server.active_directory)
Re: [PHP] Question about authenticating people...
... If that's all you're using the session for then you can easily drop the session (and therefore the session ID cookie) and just store that info in a cookie. ... Also bear in mind that the client (human or browser) can change the contents of a cookie at any time so you need to re-validate them on every page request. ...
(php.general)
Re: login website that using PHP
... The behaviour with the browser is what is known as a 'session cookie' ... You handle the cookie using ClientCookie (Python 2.3) or cookielib ...
(comp.lang.python)