Hello, On 5 March 2015 at 09:34, Thomas De Schampheleire <[email protected]> wrote: >>> Then with this wrapper, can't we also change the cookie name to >>> append the port, as an alternative to my recent patch fixing it in >>> the config file?
>> In theory, yes, but I'm not sure we should :) I'm not sure however, the >> port is the only thing to distinguish between different services. If it >> were me, I'd have different services running on the same port, but I'd >> had them available at different domains. Given that, I think your >> original patch might be better. > But if you use different domains, then the cookies would be unique, > correct? One cookie would be for example.com:80 with name > kallithea-80, and the other for otherexample.com:80 with name > kallithea-80. These cookies cannot collide, AFAIK. Okay, makes sense. > I think the same is true when using subdomains. At least, in RFC6265 I > don't see a mention about this not working. > The biggest disadvantage with my current patch is that we're using the > app_instance_secret that could be needed for some other purpose in the > future. True. I'll hack something around this today. -- Cheers, Andrew _______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
