Re: Session tracking from Larry Masinter on 1995-04-20 (www-talk@w3.org from March to April 1995)

From: Larry Masinter <masinter@parc.xerox.com>
Date: Wed, 19 Apr 1995 23:04:54 PDT
To: montulli@netscape.com
Cc: www-talk@www10.w3.org
Message-Id: <95Apr19.230506pdt.2761@golden.parc.xerox.com>

>       o The "domain" attribute, if present, specifies a server domain in the
>         form of a TCP/IP domain name. Note that the domain acts as a tail end
>         mask. All hosts within the specified domain will recieve the cookie
>         on subsequent requests. Only hosts within the specified domain can
>         set a cookie for a domain and domains must have at least two (2)
>         periods in them to prevent domains of the form: ".com" and ".edu".
>         ".mcom.com" is an example of a valid domain.

This doesn't work outside of the US. For example, companies in the UK
tend to have domain names that end in .co.uk. I don't know if you can
tell merely by syntax what the actual domain of authority is for a DNS
name. 

Is this a necessary feature? If it isn't reliable and can be abused,
it would be best to avoid it.

Received on Thursday, 20 April 1995 02:05:20 UTC