- From: Mikko Rantalainen <mikko.rantalainen@peda.net>
- Date: Wed, 23 Mar 2005 11:38:45 +0200
Hallvord Reiar Michaelsen Steen wrote: > On 21 Mar 2005 at 17:57, Chris Holland wrote: >>1) disable cookies for a ContextAgnosticHttpRequest >>2) maintain an entirely separate cookie table for this request. the >>question then becomes, do we maintain a separate cookie table for each >>referring document? [...] > > Yes, sounds like that would really complicate browser cookie > handling. A third way would be to discard previous cookies and not > send any with the first request, but keep and send any cookies during > subsequent http communication. Discarding all cookies for a domain isn't an option. In that case, I could delete all *your* cookies for any domain I want by simply loading a resource from that host. I think that the right thing to do is not to support cookies for cross domain requests. If you need cookies, you have to use primary server as a proxy. -- Mikko
Received on Wednesday, 23 March 2005 01:38:45 UTC