will trillich <[EMAIL PROTECTED]> wrote:
> Pointers welcome, of course, to which FM i should R:
>
> In setting cookies via cgi or whatever, there's rules on
> having to include at least two portions of your domain in the
> cookie, such as for hyperarchive.lcs.mit.edu the minimum
> domain allowable would be mit.edu, right? But you still have to
> put the two dots in, as for example, ".mit.edu".
>
> Would this allow cookies from "smith.mit.edu" and "www.mit.edu"
> AND "mit.edu" to be set properly? Or would they go into the bit
> bucket, for greenpeace-friendly recycling?
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html
Here is how to compare domains from section two in the document:
}} Hosts names can be specified either as an IP address or a FQHN
}} string. Sometimes we compare one host name with another. Host
}} A's name domain-matches host B's if
}}
}} * both host names are IP addresses and their host
}} name strings match exactly; or
}}
}} * both host names are FQDN strings and their host
}} name strings match exactly; or
}}
}} * A is a FQDN string and has the form NB, where N
}} is a non-empty namestring, B has the form .B', and
}} B' is a FQDN string. (So, x.y.com domain-matches
}} .y.com but not y.com.)
}}
}} Note that domain-match is not a commutative operation:
}} a.b.c.com domain-matches .c.com, but not the reverse.
Here is section 4.3.2 which specifies under what criteria a user agent
should reject a cookie:
}} * The value for the Domain attribute contains
}} no embedded dots or does not start with a dot.
}}
}} * The value for the request-host does not
}} domain-match the Domain attribute.
These two should answer your question.
David Harris
President, DRH Internet Inc.
[EMAIL PROTECTED]
http://www.drh.net/
