Its the other way around. In a test, I have set a cookie for site B in site
A. What this has the potential to do is set cookies for another site, thus
screwing with the user's normal data. I am not a fan of cookies, and found
this glaring hole some time back. It does has some use for failover setups,
but I am not a fan of it.
"Aaron Bertrand - MVP" <aa***@TRASHaspfaq.com> wrote in message
news:uP**************@TK2MSFTNGP12.phx.gbl...
You are indeed able to specify the domain at which a cookie is set. So,
if a person surfs to imahacker.com, that site can put a cookie on their
system with a domain of mysite.com
This sounds like a very theoretical assertion. Have you actually tried
this? I have, and it doesn't work... even if it did, it's working the
wrong way around... for a site like imahacker.com to get any useful information
from the user, www.legitimatesite.com would have to knowingly and
intentionally create an "imahacker.com" cookie...