- From: Hallvord R M Steen <hallvors@gmail.com>
- Date: Sun, 27 Mar 2005 17:34:20 +0200
On Wed, 23 Mar 2005 11:38:45 +0200, Mikko Rantalainen <mikko.rantalainen at peda.net> wrote:

> > A third way would be to discard previous cookies and not
> > send any with the first request, but keep and send any cookies during
> > subsequent http communication.
>
> Discarding all cookies for a domain isn't an option. In that case, I
> could delete all *your* cookies for any domain I want by simply
> loading a resource from that host.

Excellent point, you're right.

> I think that the right thing to do is not to support cookies for
> cross domain requests. If you need cookies, you have to use primary
> server as a proxy.

..now that sounds like a complicated option.. Perhaps you are right. I'm not yet absolutely convinced that webmasters need *that much* protection from themselves here but I note that both you and Chris Holland think so..

-- 
Hallvord R. M. Steen
Received on Sunday, 27 March 2005 07:34:20 UTC