[Cryptography] Is this a solved problem?

John Levine johnl at iecc.com
Thu Oct 1 13:30:48 EDT 2020


In article <CAOW4vyNcVxND63QtdPAfT6an05EBqQptAN43+8cbhD=8-G2AgA at mail.gmail.com> you write:
>We all assume the user email agent runs in the same browser the user is
>using to access a commerce site. This is not always the case...

For email agents that are separate programs, they generally open a URL
by passing it to the user's default browser, so the cookie trick
works.

It's true, if for some reason you read your mail in Firefox and do your
shopping in Safari, it won't work, but I don't think that's very common.

R's,
John

>> This is pretty typical, leaving a cookie that lets the user continue
>> an existing session later. That's why they ask the irritating question
>> about whether this is a shared computer so they can make the cookie
>> expire quickly instead.


More information about the cryptography mailing list