Re: Accomodating Netscape-style cookies?
Kartik Subbarao (subbarao@computer.org)
Sun, 15 Mar 1998 16:27:02 -0500
Gisle Aas wrote:
> Kartik Subbarao <subbarao@computer.org> writes:
>
> > Gisle Aas wrote:
> >
> > > Kartik Subbarao <subbarao@computer.org> writes:
> > >
> > > A domain attribute of "acme.com"
> > > > would match host names "anvil.acme.com" as well as
> > > > "shipping.crate.acme.com".
> > > > ---
> > >
> > > But hopefully Netscape does not send the cookie to www.pacme.com as
> > > well??
> > >
> > > Can you verify that this does not happen with your patch then I will
> > > apply it.
> >
> > I can't think of a simple way to simulate this -- any ideas?
>
> I just added entries like this:
>
> 127.0.0.1 www.acme.com acme.com
> 127.0.0.1 www.pacme.com
> to my /etc/hosts file and let Netscape connect a simple hand-driven
> server like the one included below.
Clever idea :-)
> I tested with Netscape 4.03 and
> it would not accept:
>
> Set-Cookie: foo=bar; domain=acme.com
>
> from either acme.com or www.acme.com. Perhaps newer Mozillas do
> require the domain to be prefixed with a dot.
I'm running 4.04 on my system and, just as in your case, it did not accept
a cookie for domain=acme.com. However, it *did* accept a cookie from
www.acme.com for domain=www.acme.com:
Set-Cookie: foo=bar; domain=www.acme.com
And it also accepted a cookie for .acme.com set from a.b.acme.com:
Set-Cookie: acme=1; domain=.acme.com
Here's some more information from the Netscape spec that talks about when
it will accept cookies:
---
Only hosts within the specified domain can set a cookie for a domain and
domains must have at least two (2) or three (3) periods in them to prevent
domains of the form: ".com", ".edu", and "va.us". Any domain that fails
within one of the seven special top level domains listed below only require
two periods. Any other domain requires at least three. The seven special
top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".
---
-Kartik