Re: IE cookie menagment and CSRF

Dnia 2004-08-21 21:21, UÅytkownik Finite napisaÅ:

> The ebay example wouldn't work, of course, since eBay requires you to
damn !! so I won't get rich. I wonder who will but my 199$ matches now? :)

> confirm your bid by clicking a button that POSTs. I'd be surprised if
> Mozilla didn't send cookies as you describe, since that is the way
it depends on the config i don't remember changing that but i had it 
disabled which is not default in 1.7 maybe it was before
now i know why mozilla didn't send them :)
In default config it also sends them. So its my bad.

So if this schema is widly used it is a flaw in web page if it accept
important data as GET requests

But still you can't disable this cookies in IE unlike in mozilla or opera.

--
lazy