There is a 'secure' flag for cookies to make sure
they are only transfered during a secure session.
I would assume it would have to be set initially
via a secure request too.
--
Hari
On Tue, Oct 14, 2003 at 06:35:55PM -0700, Tofu Optimist wrote:
> Many thanks Hari.
>
> Turns I was having an "ac
Many thanks Hari.
Turns I was having an "acme.com" vs. "www.acme.com"
cookie descrepancy, and I didn't notice the obvious
until you reminded me.
I am glad it wasn't a mod_perl or apache oddity!
Curious: does scheme matter? That is,
can a cookie set by http://acme.com be read by
https://acme.c
Ideally, the cookie set by a request (be it an image or html)
originally sent to Site A should always be returned to any future
request to Site A. However, browsers now-a-days allow users to turn
off third party cookies - which may throw away any cookies from/to your core
site. Are you seeing this
