Ben Kennedy writes:
Sam Varshavchik wrote at 6:20 AM (-0400) on 4/13/06:Fair enough. Though I was under the impression that subdomain.domain.com can set cookies under domain.com. I just lookedIt can, and it's a domain that you control, in both cases.Really? This surprises me. By that logic, you should be able to set a cookie for all of .com as well. From the DNS standpoint there is no difference between the relationships "sub.domain.com : domain.com" and "domain.com : com". Does the HTTP cookie spec have a particular provision for second-level domains?
Actually, they surprisingly do. http://wp.netscape.com/newsref/std/cookie_spec.htmlThat, believe it or not, is the authoritative definition of cookies. Of course, the list of global TLDs is now larger, but except for that, this is the authoritative source. There are some RFCs, that nobody is really paying any attention to, but this is the authoritative source. The Wikipedia entry on HTTP Cookies provides the historical context.
pgppTLMdBK383.pgp
Description: PGP signature
