On Sat, Nov 20, 2010 at 8:13 AM, Benji York <email address hidden> wrote:
> It turns out that the cookie spec(s) (and browser implementations) don't
> allow setting a domain without a leading dot, so specifying a cookie
> with domain=launchpad.net isn't even possible. Even if it were, having
> the same cookie with two different domains (example.com and
> .example.com) wouldn't work because one will always override the other.
I don't quite follow.
The cookies can override each other without breaking the proposal -
they have the same value.
What happens in browsers where we try to set both, once with and without the . ?
If they silently ignore the non-leading dot one, it seems like a win.
On Sat, Nov 20, 2010 at 8:13 AM, Benji York <email address hidden> wrote: launchpad. net isn't even possible. Even if it were, having
> It turns out that the cookie spec(s) (and browser implementations) don't
> allow setting a domain without a leading dot, so specifying a cookie
> with domain=
> the same cookie with two different domains (example.com and
> .example.com) wouldn't work because one will always override the other.
I don't quite follow.
The cookies can override each other without breaking the proposal -
they have the same value.
What happens in browsers where we try to set both, once with and without the . ?
If they silently ignore the non-leading dot one, it seems like a win.
-Rob