Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Are some Browser/Emailclient combis sharing Cookies?
Posted by: oneflewup
Date: January 24, 2007 12:20AM

does anybody know how browser/emailclients work together in regards to sharing cookies?

if there is an image embedded in an html email - will some email clients send along cookies (if the browser posses them) for that domain when downloading the resource?

it seems that browser and email clients are often working tightly together. Maybe some of you guys already investigated this.

Options: ReplyQuote
Re: Are some Browser/Emailclient combis sharing Cookies?
Posted by: rsnake
Date: January 25, 2007 10:50AM

They don't share cookies. Are you talking about image tracking? That doesn't require the support of the email clients the person sending the email just sends a unique tracking token in the URL string that they associate with the email address they have on file:

joe@freemail-site.com -> 123412341234

Then they include a link that is something like:

<IMG SRC="http://www.trackingsite.com/img.jpg?123412341234">

When your browser opens the HTML tag sends the 123412341234 and the tracking site knows that joe@freemail-site.com opened the email.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote


Sorry, only registered users may post in this forum.