Deleted user
posted 4 years ago
Considering that I have a website that only creates one cookie that identifies a user's session, is it fine to embed a said website in an iframe without prior consent? Accessing the webpage in a logged-out state does not create a cookie, however, being logged in makes the value accessible to the website's server/javascript that is loaded in the frame.
