Question:Under normal circumstances—and ignoring any browser bugs—how can a cookie be accessed from a domain other than the one it was set for?
A By consulting the HTTP_REMOTE_COOKIE header
B It cannot be done
C By setting a different domain when calling setcookie()
D By sending an additional request to the browser
E By using Javascript to send the cookie as part of the URL
+ ExplanationAnswer B is correct. Browsers simply do not allow an HTTP transaction that takes place on
one domain to set cookies for another domain. Doing otherwise would present clear security
implications: for example, a malicious page on one domain could overwrite your session ID for another domain and force you to use another session to which a third party has access without your knowledge.