in reply to Re^9: Perl Sessions and Cookies - Cookie don't get passed
in thread Perl Sessions and Cookies - Cookie don't get passed

Ok, but that's not an XSS attack, at least I don't see any mention of client-side script code injection. What you're describing sounds kind of like a CSRF attack, which can be prevented via hidden form inputs. (I would have hoped that you would have read Cross-site scripting by now, considering you're the one who linked to it four days ago.)

  • Comment on Re^10: Perl Sessions and Cookies - Cookie don't get passed

Replies are listed 'Best First'.
Re^11: Perl Sessions and Cookies - Cookie don't get passed
by cheako (Beadle) on Mar 10, 2015 at 00:03 UTC

    Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

    So the browser handles data, user trusts the registration form is not a scam. Site B trusts the cookies/authinfo and applies the changes requested by the OP at Webserver A. == XSS.

[reply]
      So the browser handles data, user trusts the registration form is not a scam. Site B trusts the cookies/authinfo and applies the changes requested by the OP at Webserver A. == XSS.

      No, you still haven't described an XSS attack, so I'm guessing you still haven't read that article. And as you're only quoting the second sentence of the CSRF article, I'm guessing you haven't read the rest of that, either. I suggest you do so before continuing the discussion.

[reply]

In Section Seekers of Perl Wisdom