by deizel
4864 days ago
Say you set a session cookie that spans multiple subdomains (cookie domain = `.example.com`). Now, if one of your authenticated users visits the wrong subdomain, they are directed to a server of name.com's choice. That server now has access to your user's session ID (using JavaScript or PHP or whatever to read the cookie).
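The scoping behaviour described in the comment above, as an added example that is not part of the original comment: a reduced model of the RFC 6265 Domain-attribute rules, showing which hosts receive a domain-wide session cookie and which receive a host-only one. The hostnames, cookie names and values are constructed, and the function names are hypothetical.

```javascript
// Reduced model of RFC 6265 cookie scoping (Domain attribute only).
// All hostnames and cookie values are constructed for illustration.

// RFC 6265 5.1.3 domain-match (IP-address hosts are not handled here).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Parse a Set-Cookie header received from requestHost; null means the browser rejects it.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), domain: requestHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=');
    if (key.trim().toLowerCase() === 'domain' && value.trim() !== '') {
      // A leading dot is ignored; a Domain attribute clears the host-only flag.
      cookie.domain = value.trim().replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;
    }
  }
  // A server may only set cookies for a domain that its own host matches.
  if (!domainMatch(requestHost, cookie.domain)) return null;
  // __Host- cookies must not carry Domain (the prefix's Secure and Path=/ rules are not modelled).
  if (cookie.name.startsWith('__Host-') && !cookie.hostOnly) return null;
  return cookie;
}

// Would the browser attach this cookie to a request for host?
function wouldSend(cookie, host) {
  host = host.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Hosts from the list that would receive the cookie set by header.
function recipients(header, requestHost, hosts) {
  const cookie = parseSetCookie(header, requestHost);
  return cookie ? hosts.filter((h) => wouldSend(cookie, h)) : [];
}

const HOSTS = ['www.example.com', 'example.com', 'wwww.example.com', 'example.org'];
const WIDE = 'sid=abc123; Domain=.example.com; Path=/; Secure; HttpOnly';
const HOST_ONLY = '__Host-sid=abc123; Path=/; Secure; HttpOnly';

console.log('domain-wide:', recipients(WIDE, 'www.example.com', HOSTS));
console.log('host-only:  ', recipients(HOST_ONLY, 'www.example.com', HOSTS));
```

The mistyped `wwww.example.com` receives the domain-wide cookie but not the host-only one, which is why omitting `Domain` (or using the `__Host-` prefix) keeps the session ID away from whatever answers for an unexpected subdomain.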