In my experience, cookies are not associated with any connection. Normally, to ensure no cookie type session hacking, there is some sort of encryption of variables associated with generating cookies. I have written several such mechanisms, and would suggest the same. This way, it is secure throughout YOUR use of the cookie, and more difficult for someone to hack it. You just need to share a common 'seed' with your servers/pages. i.e. Encrypt a few client side variables, username, etc... -> write the cookie -> read the cookie -> decrypt the cookie. -----Original Message----- From: Arne.Heizmann@xxxxxxx [mailto:Arne.Heizmann@xxxxxxx] Sent: Wednesday, May 25, 2005 9:01 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Are cookies associated with connection? Naresh Agarwal wrote: > > Are cookies are associated with underlying connection or they are > independent of the physical connection. Most servers do not support persistent connections anyway (supposedly because they're resource-intensive... that's what LiveJournal.com sysadmins told me). Clearly, since these services still provide log-in mechanisms -- even ones that persist when you close and restart your browser! -- the cookies must remain valid throughout several connections. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ********************************************************************** --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx