I’m working on a “reverse SSL-Proxy” and integrated your “PHP-Proxy”. Because “PHP-Proxy” doesn’t support User-Login, I wrote some code on my “reverse SSL-Proxy” for User-Login (Cookie-Based) and noticed that “PHP-Proxy” forwards all Cookies to the target domain. So, I coded into my “reverse SSL-Proxy” that the login-cookie gets deleted on every request through the “reverse SSL-Proxy”. Now the target domain server does not get my Login-Cookie from the “reverse SSL-Proxy”.
And now the Security-Bug: If I log in to something like “Facebook” or “Google”, the login cookie of these domains is passed to all other domains I’m browsing later, because the domain name and the path to it are always the same. Only the URL parameters are changing.
That’s a huge security bug ….
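
One way a proxy can avoid the cross-site cookie forwarding reported above, as an added example that is not part of the original post and not PHP-Proxy's own code: rename each upstream cookie with a key derived from the host that set it, and forward only the cookies carrying the current target's key. The `pc_<hex host>_<name>` scheme, the function names and the sample values are assumptions.

```php
<?php
// Added example: keep upstream cookies scoped to the host that set them.
// The "pc_<hex host>_<name>" naming scheme and all function names are assumptions.
const PC_PREFIX = 'pc_';

function hostKey(string $host): string
{
    // Hex avoids '.' and '_' in the key, so the prefix match below is unambiguous.
    return bin2hex(strtolower($host));
}

// Response side: rename an upstream Set-Cookie before it reaches the browser.
function wrapSetCookie(string $setCookie, string $upstreamHost): string
{
    $attrs = array_map('trim', explode(';', $setCookie));
    $pair = array_shift($attrs);
    $keep = [];
    foreach ($attrs as $attr) {
        // Keep lifetime only; upstream Domain/Path describe the target site, not the proxy.
        if (preg_match('/^(expires|max-age)=/i', $attr)) {
            $keep[] = $attr;
        }
    }
    // HttpOnly keeps proxied page scripts from reading other sites' cookies on the shared origin.
    array_push($keep, 'Path=/', 'Secure', 'HttpOnly');
    return PC_PREFIX . hostKey($upstreamHost) . '_' . $pair . '; ' . implode('; ', $keep);
}

// Request side: build the Cookie header that is sent to the target host.
function cookiesForUpstream(string $cookieHeader, string $targetHost): string
{
    $prefix = PC_PREFIX . hostKey($targetHost) . '_';
    $out = [];
    foreach (explode(';', $cookieHeader) as $pair) {
        $pair = trim($pair);
        // Forward only cookies this exact host set; the rest are dropped,
        // including the proxy's own login cookie.
        if (strncmp($pair, $prefix, strlen($prefix)) === 0) {
            $out[] = substr($pair, strlen($prefix));
        }
    }
    return implode('; ', $out);
}

// Constructed sample: the browser holds cookies from two proxied sites plus a proxy login.
$fb = wrapSetCookie('c_user=1000; Domain=.facebook.com; Path=/; Secure', 'www.facebook.com');
$ex = wrapSetCookie('sid=abc', 'example.org');
$browser = 'proxy_login=xyz; ' . strtok($fb, ';') . '; ' . strtok($ex, ';');
echo cookiesForUpstream($browser, 'example.org'), "\n";
echo cookiesForUpstream($browser, 'www.facebook.com'), "\n";
```

Matching on the exact host is stricter than a browser's `Domain` handling, so a cookie set by one subdomain is not sent to a sibling subdomain in this version.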