1.Previous
3.Next

his site
# A visit to evil.example.com sets a session cookie with the domain .example.com on Alice's browser
# When Alice visits www.example.com this cookie will be sent with the request and Alice will have the session specified by Mallory's cookie.
# If Alice now logs on, Mallory can use her account.

When this attack is complete, Mallory can gain access to www.example.com as Alice.

It is not essential that a user

1.Previous
3.Next