I spent some time this evening researching cookies. I found interesting things like this ancient security hole in netscape and IE, that lets two web sites on unrelated domains both see the same cookie. This was discovered in late 1998 and is still not fixed in netscape.
Or, take the cookie RFC itself, and perl's CGI::Cookie module, which claims to follow RFC 2109 but violates it in (at least) 4 different ways. Of course, I doubt this matters, since netscape has not been updated to support RFC 2109 at all anyway.
Sigh. Rant Rant Rant.
Add a comment