On 19 Apr 2002 at 16:30, Hrvoje Niksic wrote: > To quote from there: > > [...] Only hosts within the specified domain can set a cookie for > a domain and domains must have at least two (2) or three (3) > periods in them to prevent domains of the form: ".com", ".edu", > and "va.us". Any domain that fails within one of the seven special > top level domains listed below only require two periods. Any other > domain requires at least three. The seven special top level > domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT". > > This is amazingly stupid.
It seems to make more sense if you subtract one from the number of periods. > It means that `www.arsdigita.de' cannot set > the cookie for `arsdigita.de'. To make *that* work, you'd have to > maintain a database of domains that use ".co.xxx" convention, as > opposed to those that use just ".xxx". Could you assume that all two-letter TLDs are country-code TLDs and require one more period than other TLDs (which are presumably at least three characters long)?
