Tutorial :How did CNN get my Facebook login information? [closed]


I browsed to CNN and was horrified to see my Facebook picture there with a "post a comment" box. How did CNN get my Facebook login information?

More specifically, how did CNN know I was logged into Facebook? It seems like CNN would have to have access to a cookie set by Facebook to do that.

This is the only sequence I can think of.

I browse to Facebook and log in.
I check the "Keep me logged in" box.
Facebook places an authorization cookie on my machine.
I browse to CNN.
CNN reads my Facebook cookie and sends the authorization code to a Facebook API.
The Facebook API verifies my login information and displays the comment box.

Is this what is happening? Or is there some other voodoo going on?

I've seen cross-site stuff like this with advertising, but that just displays information. I just assumed sites like LinkedIn sold my information to advertisers. Automatically logging me into a third-party site seems totally different.


It's an iframe. The iframe has access to your facebook cookies, but the containing site does not.


a better explination at http://my.opera.com/quakerdoomer/blog/2010/05/26/enforcing-disclosures-the-present-social-networking-e-identities-helplessness

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »