W3C home > Mailing lists > Public > www-talk@w3.org > January to February 1997

Re: errata for cookie spec

From: Andrew Daviel <andrew@andrew.triumf.ca>
Date: Mon, 17 Feb 1997 14:13:00 -0800 (PST)
To: Jeremey Barrett <jeremey@veriweb.com>
Cc: www-talk@w3.org
Message-Id: <Pine.LNX.3.91.970217133116.25410E-100000@andrew.triumf.ca>
On Fri, 7 Feb 1997, Jeremey Barrett wrote:

> > The second, I'm not so sure about. Blocking cookies sent to
> > domain C because they are inside a frame from domain A will break C's 
> > legitimate shopping application. In this example, it is less likely that
> > C's page would be included in many frames than the advertisement banner
> > in the first one. And then there's Java banners, concealed JavaScript, 
> > etc.
> You second example seems very odd. You have a frameset within a document?

Not that odd. I have a frames based search engine launcher at e.g.

but the situation might arise if a frame contains links to other sites
and does not set target=_parent.

> If you are fetching another entire HTML document, as you are in a framset,
> then the cookie rules are applied to that document. (i.e. the rules are
> applied to each document within the framset individually). HTTP doesn't
> (and shouldn't) know about HTML. All frames-based documents boil down to 
> your first example at some point.

Anyhow, a simple test reveals (as I think you are saying):

A.html: <a href="B.html">

B.html: <frameset><frame src="C.html"><frame src="D.html"></frameset>

C.html: <img src="C.gif">
D.html: <img src="D.gif">

The HTTP_REFERER for both C.html and D.html is A.html.
The HTTP_REFERER for C.gif is C.html, for D.gif it's D.html

So the images don't know about the parent frameset.

JavaScript, who knows ? (I was disappointed to see
that the email bug is back in Mozilla 3 .. www.digicrime.com ..
maybe I just misconfigured one of my machines; this one's OK ..)

Andrew (was off with a (organic!) virus ...)
Received on Monday, 17 February 1997 17:14:26 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:21 UTC