Hey AD,

Maybe (probably) I am lost on what I read.

I have my domain on a non-dedicated hosting platform. But the only thing in my domain is my site. I thought what I read about "If the cookie's path is set to '/' (the whole domain), then any website on the same domain (might be lots of websites) _will_ get the cookie through HTTP headers and could possibly hijack your session." Are they referring to the server domain or my domain?

My understanding is shared hosting all points to specific IPs for that host and then they serve up the domain the user requested. So when someone requests my site they go to 123.123.12.12 for example and they send back my site to the user. The cookie set to '/', is that for mysite.com or 123.123.12.12?

Maybe just lost in the translation.

Thanks,

Dave

-----Original Message-----
From: AD7six [mailto:andydawso...@gmail.com]
Sent: October-13-09 11:24 AM
To: CakePHP
Subject: Re: Session / Security

On 13 oct, 15:48, "Dave Maharaj :: WidePixels.com" <d...@widepixels.com> wrote:
> Thanks for the links
>
> I am on shared hosted server and found when reading
>
> "If the cookie's path is set to '/' (the whole domain), then any
> website on the same domain (might be lots of websites) _will_ get the
> cookie through HTTP headers and could possibly hijack your session."
>
> How can this be avoided in this situation with shared hosting or not?

In what way is using shared hosting relevant to that question, you plan on/are sharing the same domain with servers/people you don't know?

AD
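
The scoping question in this thread, as an added example that is not part of the original messages or of CakePHP: a sketch of the RFC 6265 domain-match and path-match rules a browser applies before attaching a cookie to a request. The `.example` host names, the `/~dave/` paths and the helper names are constructed for illustration; only the IP address is the one quoted above.

```javascript
// RFC 6265 section 5.1.3 domain-match: suffix matching never applies to IP addresses.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + cookieDomain);
}

// RFC 6265 section 5.1.4 path-match: the cookie path must be a whole-segment prefix.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Would the browser send this cookie in the headers of a request for host + path?
// hostOnly is true when the Set-Cookie header carried no Domain attribute.
function cookieIsSent(cookie, host, path) {
  const hostOk = cookie.hostOnly
    ? host.toLowerCase() === cookie.domain.toLowerCase()
    : domainMatch(host, cookie.domain);
  return hostOk && pathMatch(path, cookie.path);
}

// Constructed session cookies (hypothetical names and hosts).
const ownDomain = { domain: 'mysite.example', path: '/', hostOnly: true };
const sharedRoot = { domain: 'shared.example', path: '/', hostOnly: true };
const sharedSub = { domain: 'shared.example', path: '/~dave/', hostOnly: true };

function demo() {
  return {
    // Own domain on a shared IP: only requests for that host name carry the cookie.
    ownSite: cookieIsSent(ownDomain, 'mysite.example', '/app/login'),
    neighbourOnSameIp: cookieIsSent(ownDomain, 'other.example', '/'),
    rawIp: cookieIsSent(ownDomain, '123.123.12.12', '/'),
    // Several sites under one host name: path '/' reaches every one of them.
    neighbourDirRootPath: cookieIsSent(sharedRoot, 'shared.example', '/~other/page'),
    neighbourDirSubPath: cookieIsSent(sharedSub, 'shared.example', '/~other/page'),
    ownDirSubPath: cookieIsSent(sharedSub, 'shared.example', '/~dave/app'),
  };
}

console.log(demo());
```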