W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1995

Re: Session tracking

From: Larry Masinter <masinter@parc.xerox.com>
Date: Wed, 19 Apr 1995 23:04:54 PDT
To: montulli@netscape.com
Cc: www-talk@www10.w3.org
Message-Id: <95Apr19.230506pdt.2761@golden.parc.xerox.com>
>       o The "domain" attribute, if present, specifies a server domain in the
>         form of a TCP/IP domain name. Note that the domain acts as a tail end
>         mask. All hosts within the specified domain will recieve the cookie
>         on subsequent requests. Only hosts within the specified domain can
>         set a cookie for a domain and domains must have at least two (2)
>         periods in them to prevent domains of the form: ".com" and ".edu".
>         ".mcom.com" is an example of a valid domain.

This doesn't work outside of the US. For example, companies in the UK
tend to have domain names that end in .co.uk. I don't know if you can
tell merely by syntax what the actual domain of authority is for a DNS

Is this a necessary feature? If it isn't reliable and can be abused,
it would be best to avoid it.
Received on Thursday, 20 April 1995 02:05:20 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:16 UTC