问题
I am working on a web application where I have to tell user that he is logged in gmail or yahoo or facebook account. I think this can be done using cookies.
How to find out it?
what is the cookie name of these accounts, so that I can check their presence
回答1:
Gmail can be tested by linking to a public image in your own google account. Facebook can be tested by loading your own profile, as a script. Both of these links will succeed if the person is logged into the respective service and fail if they are not. Afraid I don't know specific details for Yahoo but I imagine a similar technique would work.
A good article on this is located here, I believe the techniques both still work:
https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
回答2:
This is inherently meant to be IMPOSSIBLE. What you are asking for would be by definition, a cross site scripting attack, everything about a web browser is supposed to stop you from doing this.
来源:https://stackoverflow.com/questions/5903733/find-out-if-someone-is-logged-in-gmail-yahoo-and-facebook