[thesite] My Intro and a look at a UEUE Proposal

Martin martin at members.evolt.org
Thu Oct 18 13:52:27 CDT 2001


Warden, Matt wrote on 18/10/01 2:08 pm

>>>that aside, the top-level pages of m.e.o (account signup, front page, etc.)
>>>all need to respond to the user and be able to read a cookie with that
>>>user's authentication.  i see no way of being able to do that without
>>>exposing the cookie to m.e.o accounts.
>>
>>What I was thinking of was putting the admin stuff (account signup
>>etc) on a separate subdomain, and having the cookies set at
>>subdomain level (weo, aeo etc specified separately rather than as
>>*eo) for everything except meo.
>
>someone correct me if i'm wrong, but...
>
>there can be only one path for a cookie. IOW, you'd have to set X copies
>of the same cookie (except for a different path attribute) where X is the
>number of subdomains we want that cookie to be read from.

Yup.

More work, but more secure.

Cheers
Martin

_______________________________________________
email: martin at easyweb.co.uk             PGP ID: 0xA835CCCB
       martin at members.evolt.org      snailmail: 30 Shandon Place
  tel: +44 (0)774 063 9985                      Edinburgh,
  url: http://www.easyweb.co.uk                 Scotland
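
The cookie scoping discussed in this thread, as an added example that is not part of the original post: it applies the domain-matching rule browsers use (as specified in RFC 6265) to compare one site-wide cookie with separate host-only cookies per subdomain. The hostnames and cookie names are constructed placeholders, and the helper functions are hypothetical.

```javascript
// Added illustration. Hostnames are constructed placeholders, not the site's real layout.
// Public-suffix checks and Path/Secure handling are left out to keep the focus on Domain.

// RFC 6265 domain-match: identical, or host ends with "." + domain (and is not an IPv4 literal).
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  return h.endsWith("." + d) && !/^\d{1,3}(\.\d{1,3}){3}$/.test(h);
}

// Store a cookie the way a browser does. No Domain attribute => host-only cookie.
// Returns false when the setting host is not covered by the requested Domain.
function storeCookie(jar, settingHost, name, domainAttr) {
  if (domainAttr === undefined) {
    jar.push({ name, domain: settingHost.toLowerCase(), hostOnly: true });
    return true;
  }
  if (!domainMatch(settingHost, domainAttr)) return false;
  jar.push({ name, domain: domainAttr.toLowerCase().replace(/^\./, ""), hostOnly: false });
  return true;
}

// Names of the cookies a browser would attach to a request for `host`.
function cookiesSentTo(jar, host) {
  const h = host.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? c.domain === h : domainMatch(h, c.domain)))
    .map((c) => c.name);
}

// Design A: one site-wide cookie (the "*eo" case in the thread).
const wide = [];
storeCookie(wide, "www.example.org", "auth", ".example.org");

// Design B: a separate host-only cookie per trusted subdomain.
const perHost = [];
storeCookie(perHost, "www.example.org", "auth_www");
storeCookie(perHost, "admin.example.org", "auth_admin");

for (const host of ["www.example.org", "admin.example.org", "members.example.org"]) {
  console.log(host, "| site-wide:", cookiesSentTo(wide, host), "| per-host:", cookiesSentTo(perHost, host));
}
```

With the site-wide cookie, requests to the members host carry `auth`; with host-only cookies, the members host receives nothing and each trusted subdomain sees only its own cookie.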




