Re: Session tracking

Larry Masinter (masinter@parc.xerox.com)
Thu, 20 Apr 1995 02:11:26 +0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Staffan Berger, ElektroPost: "Util for convert hrefs /PC/NT"
Previous message: Dave Cardinal: "Re: Session tracking"
Maybe in reply to: Brian Behlendorf: "Session tracking"
Next in thread: Thomas Maslen: "Re: Session tracking"

> o The "domain" attribute, if present, specifies a server domain in the
> form of a TCP/IP domain name. Note that the domain acts as a tail end
> mask. All hosts within the specified domain will recieve the cookie
> on subsequent requests. Only hosts within the specified domain can
> set a cookie for a domain and domains must have at least two (2)
> periods in them to prevent domains of the form: ".com" and ".edu".
> ".mcom.com" is an example of a valid domain.

This doesn't work outside of the US. For example, companies in the UK
tend to have domain names that end in .co.uk. I don't know if you can
tell merely by syntax what the actual domain of authority is for a DNS
name.

Is this a necessary feature? If it isn't reliable and can be abused,
it would be best to avoid it.

Next message: Staffan Berger, ElektroPost: "Util for convert hrefs /PC/NT"
Previous message: Dave Cardinal: "Re: Session tracking"
Maybe in reply to: Brian Behlendorf: "Session tracking"
Next in thread: Thomas Maslen: "Re: Session tracking"