Re: How to fool a cookie with RewriteEngine

De Gang Thierry wrote:
> Well, ravenclans.com and ravenforums.com are both on the same host and using
> the same main directories, yet each has their own directory to work with.
> Thus this doesn’t make a security breach for me.

Sorry, but that is pretty much irrelevant, since the web servers and the browsers and the RFCs that dictate how these things work are what they are.

Now if instead of naming your domains (and hosts) ravengames.com and ravenforums.com, you had named them games.raven.com and forums.raven.com, then you could probably do what you want.

Just in case you would have this idea, let me discourage you right away: you cannot set your cookie domain to just ".com". That doesn't work either.


The definite authority is RFC2965 (http://tools.ietf.org/html/rfc2965).
For an easier to read version, see http://en.wikipedia.org/wiki/HTTP_cookie
which in the section "Cookie attributes" has the phrase "For security reasons, the cookie is accepted only if the server is a member of the domain specified by the domain string."


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
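
The Domain checks the reply refers to, as an added example (not part of the original message and not Apache code): a simplified Python model of the rejection rules in RFC 2965 section 3.3.2. The function names are hypothetical, and the Path and Port rules are left out.

```python
import ipaddress

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def effective_host(host):
    # RFC 2965: a host name without dots gets ".local" appended.
    host = host.lower()
    return host if "." in host or is_ip(host) else host + ".local"

def domain_match(a, b):
    # a domain-matches b if they are equal, or a = N + b where b starts with "."
    if a == b:
        return True
    return not is_ip(a) and b.startswith(".") and a.endswith(b) and len(a) > len(b)

def accepts_domain(request_host, domain_attr):
    """True if a user agent applying the RFC 2965 Domain rules keeps the cookie."""
    host = effective_host(request_host)
    domain = domain_attr.lower()
    if not domain.startswith("."):
        domain = "." + domain  # the user agent supplies the leading dot
    # Rule 1: Domain needs an embedded dot (so ".com" fails), unless it is ".local".
    if "." not in domain.strip(".") and domain != ".local":
        return False
    # Rule 2: the request host must domain-match the Domain attribute.
    if not domain_match(host, domain):
        return False
    # Rule 3: host = H + Domain is rejected when H itself contains a dot.
    prefix = host[: -len(domain)]
    return is_ip(host) or "." not in prefix

def shared_by(domain_attr, hosts):
    """Hosts (constructed sample input) allowed to set a cookie for domain_attr."""
    return [h for h in hosts if accepts_domain(h, domain_attr)]

if __name__ == "__main__":
    hosts = ["games.raven.com", "forums.raven.com",
             "ravengames.com", "ravenforums.com"]
    for dom in (".raven.com", ".ravengames.com", ".com"):
        print(dom, "->", shared_by(dom, hosts))
```
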

