Just to butt in...

If you have 3 machines:

www1.domain.com
www2.domain.com
www.otherdomain.com

The following is true:

-- www1.domain.com and www2.domain.com can read cookies set to .domain.com

-- www1.domain.com can read cookies set to www1.domain.com

-- www2.domain.com can read cookies set to www2.domain.com

-- www1.domain.com cannot read cookies set to www2.domain.com

-- www2.domain.com cannot read cookies set to www1.domain.com

-- www.otherdomain.com can read cookies set to .otherdomain.com

-- www.otherdomain.com cannot read cookies set to .domain.com or www1.domain.com or www2.domain.com

-- Brett


-----Original Message-----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: 7/15/00 10:25 AM
Subject: RE: Domain specific cookies with CFCOOKIE

> I think this is wrong:
>
> <BS>
> Cookies cannot be read from a different domain than where
> they are set.
>
> This is a security precaution built into the cookie specification.
> </BS>
>
> Allaire's documentation for the CFCOOKIE tag says:
> =============
> DOMAIN
> Specifies the domain for which the cookie is valid and to which the
> cookie content can be sent. An explicitly specified domain must always
> start with a dot. This can be a subdomain, in which case the valid
> domains will be any domain names ending in this string.
>
> For domain names ending in country codes (such as .jp, .us), the
> subdomain specification must contain at least three periods, for
> example, .mongo.stateu.us. In the case of special top level domains,
> only two periods are needed, as in .allaire.com.
>
> When specifying a PATH value, you must include a valid DOMAIN.
>
> Separate multiple entries with a semicolon ( ; ).
> ==============
>
> This would indicate that multiple domains, separated by
> semicolons, will enable the cookie to be read at each domain
> specified.

Well, it's good to see someone with a skeptical attitude, but before you
label it BS on the basis of Allaire's relatively terse documentation,
did you try it with separate domains?

I did, and it didn't work. It set it for the first domain, but not for
the second. I suspect the Allaire documentation is referring to
subdomains, and it would make sense that you could set cookies that
apply across some but not all subdomains within a larger domain.

In any case, CF doesn't control how the browser uses cookies. You could
write CF code all day long to set a cookie for another domain, but that
doesn't mean that the browser will obey that code if the browser has
been designed to follow the cookie specification. When I tried just
setting a cookie for another domain, CFCOOKIE threw an error:

"Error Occurred While Processing Request
Error Diagnostic Information
Error attempting to set a cookie value with CFCOOKIE.
Invalid CFCOOKIE DOMAIN attribute"

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
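
The visibility rules listed at the top of this thread, and the browser-side rejection of a cookie set for another domain, modelled as an added example that is not code from the thread. It follows the domain-matching rules of RFC 6265 (which postdates these messages) and leaves out the public-suffix check browsers also apply; `storeCookie`, `canRead` and `visibility` are hypothetical names.

```javascript
// Added example: models RFC 6265 cookie domain handling with the thread's hostnames.
// Assumptions: no public-suffix check, no IP-address hosts, Path/Secure ignored.

// RFC 6265 section 5.1.3: a host matches a domain if the two are identical
// or the host ends with "." + domain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// What a browser stores when setterHost sends Set-Cookie, with or without
// a Domain attribute. Returns null when the cookie is rejected.
function storeCookie(setterHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to the exact host only.
    return { domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  // The setting host must itself fall inside the domain it names; this is
  // why a server cannot plant a cookie for an unrelated domain.
  if (!domainMatches(setterHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the browser send this stored cookie to readerHost?
function canRead(readerHost, cookie) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? readerHost.toLowerCase() === cookie.domain
    : domainMatches(readerHost, cookie.domain);
}

function visibility(setterHost, domainAttr, readers) {
  const cookie = storeCookie(setterHost, domainAttr);
  return readers.map((r) => canRead(r, cookie));
}

const HOSTS = ["www1.domain.com", "www2.domain.com", "www.otherdomain.com"];
const cases = [
  ["www1.domain.com", ".domain.com"],         // shared by both www hosts
  ["www1.domain.com", undefined],             // host-only
  ["www.otherdomain.com", ".otherdomain.com"],
  ["www.otherdomain.com", ".domain.com"],     // foreign domain: rejected
];
for (const [setter, attr] of cases) {
  console.log(setter, attr ?? "(host-only)", visibility(setter, attr, HOSTS));
}
```

Each printed row gives, for one Set-Cookie, whether www1.domain.com, www2.domain.com and www.otherdomain.com would receive the cookie.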

------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk
or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.