Rob Bloodgood wrote:
> > Or at the very least, two segments thereof:
> >
> > domain=.org.tld
> >
> --- lots of snippage ---
> you have it right at the top.
> assuming you are operating in org.tld, so www.org.tld and modperl.org.tld
> are valid boxes, then you send the domain string as ".$domain". This one
> cost me about a week, so don't feel too bad!
>
if someone enters our site with domain.tld (no hostname), everything works
fine as long as they keep using relative links. as soon as they select or get
redirected to an absolute link (usually when changing schemes http <=> https),
then the domain of the cookie fails, and the cookie data is lost (as far as the
browser is concerned). this problem is avoidable if u insure that a proper
hostname is used along with a domain.tld. i do this with mod_rewrite. there
are probably many ways to do it, but the effect is the same, insure that the
cookie domain matches through the user's entire session. someone suggested
using the apache directive "canonical hostname". my canonical hostname does not
always match the host and domain.tld of my server. if it does, then this directive
will probably eliminate the "no hostname cookie domain matching problem" (a technical
term ;-) ).
--
___cliff [EMAIL PROTECTED]http://www.genwax.com/
