- From: Yoav Nir <ynir.ietf@gmail.com>
- Date: Sun, 26 Oct 2014 15:06:49 +0200
- To: Zhong Yu <zhong.j.yu@gmail.com>
- Cc: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On Oct 26, 2014, at 1:11 AM, Zhong Yu <zhong.j.yu@gmail.com> wrote:
>
> Set-Cookie3? Just kidding.
>
> Although, is it a serious problem that cookies can be set from
> different origins within a domain? Typically, a domain and its
> subdomains run code written by the same people.

I think this one is a common case, but I don’t think it’s true in most cases. Definitely not the case for companies (as opposed to content providers).

For example, my company has a public web site checkpoint.com, that is pretty much a “storefront” type website. It’s probably running on Apache or nginx and written by website designers. We have a supportcenter.checkpoint.com that has support articles, price lists and the like, and written by different website designers. Then we have exchange.checkpoint.com that is a Microsoft server, a SAP portal written by SAP, and even sslvpn.checkpoint.com (now disabled) that runs (not surprisingly) an SSL-VPN solution written by us.

So no, you can’t assume that subdomains are written by the same people.

Yoav
Received on Sunday, 26 October 2014 13:07:26 UTC