On Sun, 29 Aug 2010 13:21:38 +0200, m0n0 wrote: > The www. is part of the (sub) domain and I expect an browser to not > allow cookies for an specific domain to be read from another domain. > Otherwise cookie stealing would be possible. > I believe, if you want to make the cookie work by pressing enter - you > have to login into the page at http://amigaworld.net - not > http://www.amigaworld.net > > I believe Filtering out the www. is wrong, because the www. is just > like any other subdomain. It can serve an completely different page than > the url without the www.
Cookies are valid for the domain they set and all subdomains below. A cookie set for amigaworld.net will be served to amigaworld.net, www.amigaworld.net, some.other.subdomain.amigaworld.net etc. Obviously if there are subdomains below your domain which are run by other people, you will want to set your cookie for www.amigaworld.net, rather than amigaworld.net. The domain is set as specified by the site, not the browser (although most browsers AFAIK will block cookies which specify a domain other than the one setting it, not sure if NetSurf does) This is why cookies set for domain ".co.uk" are bad :) Chris
