Session riding


#1

When a user browses my script I’d like to grab a session cookie from the
browser, then use that cookie to request html from a site the user has
already logged in to. I’ve been struggling with this for a few days now,
is it even possible? It seems like it should be but I can think of a
couple of Bad Things one could do with it.

Anyways, my intentions are benign. I’d like to do some screen scraping
from a site that requires a login but I dont want to force people to
trust me with their information (at least sessions expire).


#2

Chad Layton wrote:

When a user browses my script I’d like to grab a session cookie from the
browser, then use that cookie to request html from a site the user has
already logged in to. I’ve been struggling with this for a few days now,
is it even possible? It seems like it should be but I can think of a
couple of Bad Things one could do with it.

Anyways, my intentions are benign. I’d like to do some screen scraping
from a site that requires a login but I dont want to force people to
trust me with their information (at least sessions expire).

A normal browser will only send you cookies in the same
domain as the request, so this is likely not possible.

E