mbneto wrote:
Hi Richard,

The setcookie manual and the cookie specification tell otherwise.

bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, bool secure]]]]] )

The domain parameter is restricted to third level domains (or 4 for top level domains like .co.uk). From domain.net, you can set domain to secure.domain.net, but not to anotherdomain.com.


In fact one of the tricks people use is to create a cookie with the
right values in order to bypass the site's security.

They use curl or edit the browser's cookie file.


On 5/14/05, Richard Lynch <[EMAIL PROTECTED]> wrote:

On Sat, May 14, 2005 4:45 am, mbneto said:

They are in the same machine. My major concern is with security and
the ability to make sure if a user logs in, or adds something to a
"shopping cart" in one domain it will be available to the other
domain.

Can I call setCookie twice with the same variable name but a
different domain?  I could set the sessionid and call session_start
with the propagated id when/if a user crosses from one domain to
another.

No, you can't call setcookie with a domain name AT ALL.

If you could, what would stop you from setting Cookies for *my* site?  Or
msn.com?  Or Sothebys.com?  Then you could just take all their customers'
money, and not need to worry about your own shopping cart.

If you want to transfer Cookies from two domains you control, it's up to
you to do that with your own hack.

It would make a lot more sense to just put all the shopping on one domain,
or have different carts for two domains.

It's more than a little odd to have the same cart on two sites from a user
perspective...  Something that's likely to confuse customers, and make
them think your site is insecure if you can't even keep your shopping cart
confined to one site.

--
Like Music?
http://l-i-e.com/artists.htm
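
Added example, not part of either message: a PHP sketch of the kind of do-it-yourself transfer between two domains you control that the reply refers to, using a short-lived HMAC-signed token so that a value edited on the client (the curl or cookie-file trick mentioned above) fails verification. The function names, the key handling and the example.net / example.com hosts are assumptions made for illustration.

```php
<?php
// Added example: function names, key and hosts are hypothetical/constructed.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Site A: bind the session id to the target host and an expiry, then sign it.
function issue_handoff_token(string $sessionId, string $audience, string $key, int $now, int $ttl = 30): string {
    $payload = b64url(json_encode(['sid' => $sessionId, 'aud' => $audience, 'exp' => $now + $ttl]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Site B: return the session id only if signature, audience and expiry all check out.
function verify_handoff_token(string $token, string $audience, string $key, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) {   // constant-time compare; fails for edited values
        return null;
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['sid'], $claims['aud'], $claims['exp'])) {
        return null;
    }
    if ($claims['aud'] !== $audience || $now > $claims['exp']) {
        return null;                       // issued for another host, or too old
    }
    return $claims['sid'];
}

$key   = random_bytes(32);                 // constructed here; in use, one secret shared by both sites
$now   = time();
$token = issue_handoff_token('constructed-session-id', 'shop.example.net', $key, $now);

var_dump(verify_handoff_token($token, 'shop.example.net', $key, $now));        // untouched token
var_dump(verify_handoff_token($token . 'x', 'shop.example.net', $key, $now));  // edited token
var_dump(verify_handoff_token($token, 'other.example.com', $key, $now));       // wrong host
var_dump(verify_handoff_token($token, 'shop.example.net', $key, $now + 60));   // after expiry
```

On the receiving site, the returned value would be passed to session_id() before session_start(), which assumes both sites read the same session storage, as they would on one machine.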


