-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 10:21 PM -0400 9/7/00, [EMAIL PROTECTED] wrote:
> >
>> I don't think there's any pretty way to do it. The only thing I can
>> think of off-hand is to generate the cross-server links dynamically,
> > including an encrypted token in the URL which will notify that server
>If you ever implement something like this, just be sure you
>patent it before Amazon does ;>
Actually, I have a strong suspicion that this may be covered by the
OpenMarket patents. I know their authentication software worked
cross-domain, and I know their ordering software worked with
encrypted URL tokens.
At 10:24 AM -0400 9/8/00, darren chamberlain wrote:
>Joe Pearson ([EMAIL PROTECTED]) said something to this effect:
>> I thought you could set a cookie for a different domain - you just can't
>> read a different domain's cookie. So you could simply set 3 cookies when
>> the user authenticates.
>
>You sure can -- otherwise Navigator wouldn't have the "Only accept cookies
>originating from the same server as the page being viewed" option.
Nope, that's for cookies being set by images that are from a
different server than the one you are on. But yes, you could use
that, with a fair bit of trickery. Primary domain sets cookie in
database, page includes image references to secondary domains with
encrypted token. Fetching those images causes a lookup in the
database which then sets the appropriate cookie. Of course, if
someone has set the above-mentioned netscape option, it won't work,
and it won't work if the user doesn't hang around for those two
(probably somewhat delayed) images.
- --
Kee Hinckley - Somewhere.Com, LLC - Cyberspace Architects
(Now playing: http://www.somewhere.com/playlist.cgi)
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBObkjaCZsPfdw+r2CEQIwmgCfVt0lfvamfD3TqpXs3mLcglmwr+EAoIAL
/CTdiqk1T4Ik/gHwqwQg6CMu
=bVrB
-----END PGP SIGNATURE-----
