De Gang Thierry wrote:
Well, ravenclans.com and ravenforums.com are both on the same host and using
the same main directories, yet each has their own directory to work with.
Thus this doesn’t make a security breach for me.
Sorry, but that is pretty much irrelevant, since the web servers and the
browsers and the RFCs that dictate how these things work are what they are.
Now if instead of naming your domains (and hosts) ravengames.com and
ravenforums.com, you had named them games.raven.com and
forums.raven.com, then you could probably do what you want.
Just in case you would have this idea, let me discourage you right away
: you cannot set your cookie domain to just ".com". That doesn't work
either.
The definite authority is RFC2965 (http://tools.ietf.org/html/rfc2965).
For an easier to read version, see http://en.wikipedia.org/wiki/HTTP_cookie
which in the section "Cookie attributes" has the phrase "For security
reasons, the cookie is accepted only if the server is a member of the
domain specified by the domain string."
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
