
I don't understand what you are saying. Is it that there is a security issue arising from the DNS hijacking? If so, what's the issue?



Say you set a session cookie that spans multiple subdomains (cookie domain = `.example.com`).

Now, if one of your authenticated users visits the wrong subdomain, they are directed to a server of name.com's choice.

That server now has access to your user's session ID (using JavaScript or PHP or whatever to read the cookie).
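The cookie scoping described in the comment above, as an added example that is not part of the thread: a simplified model of RFC 6265 domain matching that shows which hosts receive a cookie set with `Domain=.example.com` and which receive a host-only cookie set without a `Domain` attribute. The hostnames, the cookie value and the function names are constructed for illustration.

```javascript
// Simplified RFC 6265 domain matching (section 5.1.3). Public-suffix checks,
// Path, Secure and expiry handling are left out to keep the focus on Domain.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (host === domain) return true;
  const isIpv4 = /^\d+(\.\d+){3}$/.test(host);
  // Suffix match must fall on a label boundary and the host must be a name.
  return !isIpv4 && host.endsWith("." + domain);
}

// Model how a browser stores a Set-Cookie header received from originHost.
function storeCookie(originHost, setCookieHeader) {
  const [pair, ...attrs] = setCookieHeader.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    hostOnly: true, // default when no Domain attribute is given
    domain: originHost.toLowerCase(),
  };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=");
    if (key.trim().toLowerCase() !== "domain" || val.trim() === "") continue;
    const d = val.trim().toLowerCase().replace(/^\./, "");
    if (!domainMatches(originHost, d)) return null; // foreign domain: cookie rejected
    cookie.hostOnly = false;
    cookie.domain = d;
  }
  return cookie;
}

// Would the browser attach this cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

// Constructed sample: the same session cookie, set with and without Domain.
const wide = storeCookie("www.example.com", "sid=abc123; Domain=.example.com; Path=/");
const hostOnly = storeCookie("www.example.com", "sid=abc123; Path=/");

// "wwww.example.com" stands in for a mistyped subdomain that resolves elsewhere.
for (const h of ["www.example.com", "wwww.example.com", "example.com", "badexample.com"]) {
  console.log(h.padEnd(18), "domain cookie:", isSentTo(wide, h), "| host-only:", isSentTo(hostOnly, h));
}
```

The host-only cookie is attached only to requests for `www.example.com`, so a subdomain that resolves to someone else's server never receives it.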



