Re: Session tracking

Lou Montulli (montulli@netscape.com)
Thu, 20 Apr 1995 19:40:15 +0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gerald W. Edgar: "Re: Compuserve's Web browser (SPRY - Are you listening?)"
Previous message: Laura Lemay, Killer of Trees: "Re: Compuserve's Web browser"
Maybe in reply to: Brian Behlendorf: "Session tracking"
Next in thread: Larry Masinter: "Re: Session tracking"

On Apr 19, 11:04pm, Larry Masinter wrote:
> Subject: Re: Session tracking
> > o The "domain" attribute, if present, specifies a server domain in
the
> > form of a TCP/IP domain name. Note that the domain acts as a tail
end
> > mask. All hosts within the specified domain will recieve the cookie
> > on subsequent requests. Only hosts within the specified domain can
> > set a cookie for a domain and domains must have at least two (2)
> > periods in them to prevent domains of the form: ".com" and ".edu".
> > ".mcom.com" is an example of a valid domain.
>
>
> Is this a necessary feature? If it isn't reliable and can be abused,
> it would be best to avoid it.
>

This is a necessary feature for any large site wishing to make use
of cookies. Since you often want to run multiple machines this
allows the cookie to be shared among those multiple machines. For
instance you may want have all your shopping pages an a machine
that only serves static pages and then have the acually buying or
checkout process on another machine that is specifically geared
for cgi processing.

:lou

-- 
Lou Montulli                 http://www.mcom.com/people/montulli/
       Netscape Communications Corp.

Next message: Gerald W. Edgar: "Re: Compuserve's Web browser (SPRY - Are you listening?)"
Previous message: Laura Lemay, Killer of Trees: "Re: Compuserve's Web browser"
Maybe in reply to: Brian Behlendorf: "Session tracking"
Next in thread: Larry Masinter: "Re: Session tracking"