There is a 'secure' flag for cookies to make sure they are only transfered during a secure session. I would assume it would have to be set initially via a secure request too.
-- Hari On Tue, Oct 14, 2003 at 06:35:55PM -0700, Tofu Optimist wrote: > Many thanks Hari. > > Turns I was having an "acme.com" vs. "www.acme.com" > cookie descrepancy, and I didn't notice the obvious > until you reminded me. > > I am glad it wasn't a mod_perl or apache oddity! > > Curious: does scheme matter? That is, > can a cookie set by http://acme.com be read by > https://acme.com, and can a cookie set by > https://acme.com be read by http://acme.com? > > > > --- Hari Bhaskaran <[EMAIL PROTECTED]> > wrote: > > > > Ideally, the cookie set by a request (be it an image > > or html) > > originally sent to Site A should always be returned > > to any future > > request to Site A. However, browsers now-a-days > > allow users to turn > > off third party cookies - which may throw away any > > cookies from/to your core > > site. Are you seeing this all the time with your own > > browser or is this > > just from some users? Also make sure the 'path' on > > the cookie isn't > > pointing to some sub-section which isn't refered in > > the image's > > URL. Also the fully-qualified hostname used for > > original cookie > > matters. something.com, www.something.com, 1.2.3.4 > > IP etc are all > > different from cookie's point of view. > > > > > __________________________________ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product search > http://shopping.yahoo.com
