Revision as of 19:20, 11 March 2020 edit NotTheFakeJTP (talk \| contribs) Autopatrolled, Extended confirmed users, New page reviewers, Pending changes reviewers, Rollbackers 17,719 edits →Semi-protected edit request on 11 March 2020: Responded to edit request (EPH) ← Previous edit		Revision as of 19:31, 11 April 2020 edit undo Pleasancoder (talk \| contribs) 76 edits m →wrong info: This restriction eliminates the threat of cookie theft via cross-site scripting (XSS) Next edit →
Line 183: - https://www.youtube.com/watch?v=jrKOdWPZtAg - https://stackoverflow.com/questions/8064318/how-to-read-a-secure-cookie-using-javascript --[[User:Pleasancoder\|Pleasancoder]] ([[User talk:Pleasancoder\|talk]]) 19:30, 11 April 2020 (UTC) There are two different techniques: XSS and XSRF. The above cited materials are talking about XSRF, it may not even need ''scripting'' (that last '''S''' in XSS). By the way, XSRF would be effectively blocked if appropriate cookies are set to SameSite=Strict and users are using recent version of browsers that respect that cookie attribute. See Same-site cookie section. == Semi-protected edit request on 7 August 2019 - Grammatical Edit ==

Talk:HTTP cookie: Difference between revisions