Mobile app version of vmapp.org
Login or Join
Nimeshi995

: Visitors sending cookies that were never set by the host Occasional visitors to my sites send one or more cookies that were never set by my hosts. Sometimes it's an obvious bot. Sometimes it's

@Nimeshi995

Posted in: #Cookie

Occasional visitors to my sites send one or more cookies that were never set by my hosts. Sometimes it's an obvious bot. Sometimes it's even an attempt to exploit. But occasionally it looks like a reasonably legit visit, except for the cookies which are mundane like the date or an IP address.

Are there legitimate reasons why a user agent would deliver cookies to a host which never set them? Do any of the popular human-powered browsers ever do this?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Nimeshi995

1 Comments

Sorted by latest first Latest Oldest Best

 

@Holmes151

...cookies that were never set by my hosts


Is it possible that a previous version of the site, or even the previous owner of the domain, set cookies with a very long (years+) expiry?


Are there legitimate reasons why a user agent would deliver cookies to a host which never set them?


No. It would make no sense. It just bloats the request with meaningless data (unless the site in question is expecting it).


Do any of the popular human-powered browsers ever do this?


I very much doubt it. I've never seen this behaviour with the big named browsers.

However, it may be possible for a rogue browser extension to send these cookies? See security.stackexchange.com/questions/15259/worst-case-scenario-what-can-a-chrome-extension-do-with-your-data-on-all-websi

Sometimes it's an obvious bot.


My bet would be that it's a non-obvious bot testing for exploits.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme