- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Wed, 19 Apr 1995 23:04:54 PDT
- To: montulli@netscape.com
- Cc: www-talk@www10.w3.org
> o The "domain" attribute, if present, specifies a server domain in the > form of a TCP/IP domain name. Note that the domain acts as a tail end > mask. All hosts within the specified domain will recieve the cookie > on subsequent requests. Only hosts within the specified domain can > set a cookie for a domain and domains must have at least two (2) > periods in them to prevent domains of the form: ".com" and ".edu". > ".mcom.com" is an example of a valid domain. This doesn't work outside of the US. For example, companies in the UK tend to have domain names that end in .co.uk. I don't know if you can tell merely by syntax what the actual domain of authority is for a DNS name. Is this a necessary feature? If it isn't reliable and can be abused, it would be best to avoid it.
Received on Thursday, 20 April 1995 02:05:20 UTC