Forum: Ruby session riding

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
16891a11b3c6e8b08dd738471e1fa3f1?d=identicon&s=25 Chad Layton (Guest)
on 2005-12-29 02:43
(Received via mailing list)
When a user browses my script I'd like to grab a session cookie from the
browser, then use that cookie to request html from a site the user has
already logged in to. I've been struggling with this for a few days now,
is it even possible? It seems like it should be but I can think of a
couple of Bad Things one could do with it.

Anyways, my intentions are benign. I'd like to do some screen scraping
from a site that requires a login but I dont want to force people to
trust me with their information (at least sessions expire).
Fe9b2d0628c0943af374b2fe5b320a82?d=identicon&s=25 Eero Saynatkari (rue)
on 2005-12-29 02:50
Chad Layton wrote:
> When a user browses my script I'd like to grab a session cookie from the
> browser, then use that cookie to request html from a site the user has
> already logged in to. I've been struggling with this for a few days now,
> is it even possible? It seems like it should be but I can think of a
> couple of Bad Things one could do with it.
>
> Anyways, my intentions are benign. I'd like to do some screen scraping
> from a site that requires a login but I dont want to force people to
> trust me with their information (at least sessions expire).

A normal browser will only send you cookies in the same
domain as the request, so this is likely not possible.


E
This topic is locked and can not be replied to.