[thelist] cold fusion cookie question

Chris Evans chris at fuseware.com
Tue Jul 24 12:53:41 CDT 2001


Oops, looks like I missed that part of your question.  Interesting question.
This is what the cookie spec
(http://www.netscape.com/newsref/std/cookie_spec.html)
says about domain:

"Only hosts within the specified domain can set a cookie for a domain and
domains must have at least two (2) or three (3) periods in them to prevent
domains of the form: ".com", ".edu", and "va.us". Any domain that fails
within one of the seven special top level domains listed below only require
two periods. Any other domain requires at least three. The seven special top
level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT". "

This makes an interesting case.  I'm pretty sure that if you use
DOMAIN=".www.rudy.ca", anybody who hits rudy.ca directly won't be able to
read the cookies.  This isn't a CF issue, looks like a cookie protocol
issue. HAve you ever done cookies with Javascript, or any other language, on
this domain?

Chris Evans
chris at fuseware.com
http://www.fuseware.com



-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of rudy
Sent: Tuesday, July 24, 2001 1:20 PM
To: thelist at lists.evolt.org
Subject: Re: [thelist] cold fusion cookie question


> You should use DOMAIN=".rudy.ca"

thanks chris

so, basically, you're saying the documentation is wrong?

sorry, i just want to make sure before i spend a few hours coding something
that isn't going to work...

>   For domain names ending in country codes (such as .jp, .us),
>   the subdomain specification must contain at least three periods,



rudy


---------------------------------------
For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt !






More information about the thelist mailing list