Hi Andrew, On Thu, Mar 5, 2015 at 8:01 AM, Andrew Shadura <[email protected]> wrote: > Hello, > > On Thu, 05 Mar 2015 06:58:30 +0100 > Thomas De Schampheleire > <[email protected]> wrote: > >> Then with this wrapper, can't we also change the cookie name to >> append the port, as an alternative to my recent patch fixing it in >> the config file? > > In theory, yes, but I'm not sure we should :) I'm not sure however, the > port is the only thing to distinguish between different services. If it > were me, I'd have different services running on the same port, but I'd > had them available at different domains. Given that, I think your > original patch might be better.
But if you use different domains, then the cookies would be unique, correct? One cookie would be for example.com:80 with name kallithea-80, and the other for otherexample.com:80 with name kallithea-80. These cookies cannot collide, AFAIK. I think the same is true when using subdomains. At least, in RFC6265 I don't see a mention about this not working. The biggest disadvantage with my current patch is that we're using the app_instance_secret that could be needed for some other purpose in the future. _______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
