> -----Original Message----- > However a CSRF attack is NOT trying to access a third party cookie. > > The web browser make the same GET request whether it is using <img/> TAG > or the user clicking on a link. So in either case the cookies are in the > context of the website to which the cookies belong.
I think Curt was correct actually. Hopefully the test I sent earlier can confirm or at least cross-reference this. -Ed -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
