Re: glimmer of hope -- cookies: www.host.tld vs host.tld
Rob Bloodgood wrote: > > Or at the very least, two segments thereof: > > > > domain=.org.tld > > > --- lots of snippage --- > you have it right at the top. > assuming you are operating in org.tld, so www.org.tld and modperl.org.tld > are valid boxes, then you send the domain string as ".$domain". This one > cost me about a week, so don't feel too bad! > if someone enters our site with domain.tld (no hostname), everything works fine as long as they keep using relative links. as soon as they select or get redirected to an absolute link (usually when changing schemes http <=> https), then the domain of the cookie fails, and the cookie data is lost (as far as the browser is concerned). this problem is avoidable if u insure that a proper hostname is used along with a domain.tld. i do this with mod_rewrite. there are probably many ways to do it, but the effect is the same, insure that the cookie domain matches through the user's entire session. someone suggested using the apache directive "canonical hostname". my canonical hostname does not always match the host and domain.tld of my server. if it does, then this directive will probably eliminate the "no hostname cookie domain matching problem" (a technical term ;-) ). -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
RE: glimmer of hope -- cookies: www.host.tld vs host.tld
> Or at the very least, two segments thereof: > > domain=.org.tld > > Which would be sent to any of these hosts: > > www.org.tld > some.obscure.server.org.tld > even.here.org.tld > > BUT NOT TO > > ord.tlg > > Thank you very four-borking-days-lost-forever much. > > So, patient gurus laughing-up-your-sleeves, who've known this > from the beginning and have only been waiting for grashopper to > come to the epiphany on his own, would you mind sharing with us > lesser folk... HOW to have cookies work for bare-domain hosts > such as > > this.org > something.net > my.tld > > to operate as aliases for more specific-style sites such as > > www.this.org > www.something.net > a.very.deep.and.remote.server.my.tld you have it right at the top. assuming you are operating in org.tld, so www.org.tld and modperl.org.tld are valid boxes, then you send the domain string as ".$domain". This one cost me about a week, so don't feel too bad! Until now, you've been dealing with not even seeing the cookie header (in the raw req). Once the raw req has the right info, (e.g. the Set-Cookie: header), then it comes down to verifying the info IN the headers. DON'T EXPECT TO SET A COOKIE FOR MULTIPLE DOMAINS. If you set a cookie for .this.org, it's not a part of the technology to allow the same cookie to work w/ .something.net as well. ALTHO: There's nothing stopping you from setting cookies from perl.this.org for the .something.org domain if you expect to go back and forth. HTH, and good luck! L8r, Rob #!/usr/bin/perl -w use Disclaimer qw/:standard/;
Re: glimmer of hope -- cookies: www.host.tld vs host.tld
On Wed, May 02, 2001 at 07:28:05AM -0400, darren chamberlain wrote: > will trillich ([EMAIL PROTECTED]) said something to this effect on 05/02/2001: > > Cookies are restricted to certain domains, for security reasons. > > (Why have a microsoft.com cookie sent to debian.org, right?) > > So all cookies need > > > > domain=box.subnet.intralan.organization.tld > > *snip* > > A similar thread happened a while ago (see, e.g., > >[EMAIL PROTECTED]">http://forum.swarthmore.edu/epigone/modperl/blixnortix/[EMAIL PROTECTED]); > Rusty Foster (of kuro5hin.org fame) explained his solution pretty well > here: > [EMAIL PROTECTED]">http://forum.swarthmore.edu/epigone/modperl/blixnortix/[EMAIL PROTECTED] here's the solution rusty posted: NameVirtualHost 216.181.35.174 # IP of www.kuro5hin.org # Redirect all hostless requests to www VHost ServerName kuro5hin.org Redirect permanent / http://www.kuro5hin.org/ # Proper URI for www.kuro5hin.org ServerName www.kuro5hin.org ...etc... how is that different from UseCanonicalName on -- don't visit this page. it's bad for you. take my expert word for it. http://www.salon.com/people/col/pagl/2001/03/21/spring/index1.html [EMAIL PROTECTED] http://sourceforge.net/projects/newbiedoc -- we need your brain! http://www.dontUthink.com/ -- your brain needs us!
OT: Re: glimmer of hope -- cookies: www.host.tld vs host.tld
u can also use the rewrite engine - for our domain genwax.com: RewriteCond %{HTTP_HOST}^genwax\.com$ [NC] RewriteRule ^(.+) http://www.genwax.com$1 [R,L] notice that it also makes sure to convert any case such as: GeNwAx.com to www.genwax.com -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ darren chamberlain wrote: > will trillich ([EMAIL PROTECTED]) said something to this effect on 05/02/2001: > > Cookies are restricted to certain domains, for security reasons. > > (Why have a microsoft.com cookie sent to debian.org, right?) > > So all cookies need > > > > domain=box.subnet.intralan.organization.tld > > *snip* > > A similar thread happened a while ago (see, e.g., > >[EMAIL PROTECTED]">http://forum.swarthmore.edu/epigone/modperl/blixnortix/[EMAIL PROTECTED]); > Rusty Foster (of kuro5hin.org fame) explained his solution pretty well > here: > [EMAIL PROTECTED]">http://forum.swarthmore.edu/epigone/modperl/blixnortix/[EMAIL PROTECTED] > > (darren) >
Re: glimmer of hope -- cookies: www.host.tld vs host.tld
will trillich ([EMAIL PROTECTED]) said something to this effect on 05/02/2001: > Cookies are restricted to certain domains, for security reasons. > (Why have a microsoft.com cookie sent to debian.org, right?) > So all cookies need > > domain=box.subnet.intralan.organization.tld *snip* A similar thread happened a while ago (see, e.g., [EMAIL PROTECTED]">http://forum.swarthmore.edu/epigone/modperl/blixnortix/[EMAIL PROTECTED]); Rusty Foster (of kuro5hin.org fame) explained his solution pretty well here: [EMAIL PROTECTED]">http://forum.swarthmore.edu/epigone/modperl/blixnortix/[EMAIL PROTECTED] (darren) -- How is it possible to find meaning in a finite world, given my waist and shirt size? -- Woody Allen
glimmer of hope -- cookies: www.host.tld vs host.tld
Aha. I found a chink. I still only have one brick in the wall, but now it seems like i may have a clue as to why the other bricks have been sitting there, giggling. to wit: Cookies are restricted to certain domains, for security reasons. (Why have a microsoft.com cookie sent to debian.org, right?) So all cookies need domain=box.subnet.intralan.organization.tld Or at the very least, two segments thereof: domain=.org.tld Which would be sent to any of these hosts: www.org.tld some.obscure.server.org.tld even.here.org.tld BUT NOT TO ord.tlg Thank you very four-borking-days-lost-forever much. So, patient gurus laughing-up-your-sleeves, who've known this from the beginning and have only been waiting for grashopper to come to the epiphany on his own, would you mind sharing with us lesser folk... HOW to have cookies work for bare-domain hosts such as this.org something.net my.tld to operate as aliases for more specific-style sites such as www.this.org www.something.net a.very.deep.and.remote.server.my.tld ? Please? at least i'm off the russian roulette kick. for now. -- don't visit this page. it's bad for you. take my expert word for it. http://www.salon.com/people/col/pagl/2001/03/21/spring/index1.html [EMAIL PROTECTED] http://sourceforge.net/projects/newbiedoc -- we need your brain! http://www.dontUthink.com/ -- your brain needs us!