Cookies Session bypass management

Cookie cookie = new Cookie(“user”, user.getEmail());
cookie.setPath(“/”);
// cookie.setHttpOnly(true);

cookie.setMaxAge(3600);
cookie.setDomain(“localhost”);
response.addCookie(cookie);

HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.add(“Cookie”, “JSESSIONID=” + request.getSession().getId() + “;user=”+user.getEmail());

return “redirect:http://localhost:8181/loginmodules/fb/login”;

https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

As far as I know, cookies are limited by the “same origin” policy. However, with CORS you can receive and use the “Server B” cookies to establish a persistent session from “Server A” on “Server B”.

Although, this requires some headers on “Server B”:

Access-Control-Allow-Origin: http://server-a.domain.com
Access-Control-Allow-Credentials: true

TechieHints SOFTWARE

Cookies Session bypass management

Rate this:

Cookies Session bypass management

Rate this:

Share this: