RE: [ACFUG Discuss] cfcookie with the domain attribute

2009-06-25 Thread Charlie Arehart 
Yes, and Clarke, I would highly recommend you drop a feedback into the
livedocs on that (the CF8 ones, not 7 or 6, as I don't know that they go
back and review those for ideas, though they should, since some find them
while doing searches.)

 

/charlie

 

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Howard Fore
Sent: Thursday, June 25, 2009 7:03 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] cfcookie with the domain attribute

 

I guess when they say "other servers" they really mean "other servers in the
same domain."

--
Howard Fore, howard.f...@hofo.com
"The universe tends toward maximum irony. Don't push it." - Jeff Atwood



On Thu, Jun 25, 2009 at 6:51 AM, Clarke Bishop 
wrote:

Thanks Howard and Charlie!

 

Like you said, I thought cookies were only available to the domain that set
them. The way I read it, the CF documentation is misleading:

 

Domain

Domain in which cookie is valid and to which cookie content can be sent from
the user's system. By default, the cookie is only available to the server
that set it. Use this attribute to make the cookie available to other
servers.

 

 

I originally planned on using URL parameters, but had a problem with that
approach.

 

Thanks for the clarification!

 

   Clarke

 




-
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-

Re: [ACFUG Discuss] cfcookie with the domain attribute

2009-06-25 Thread Howard Fore 
I guess when they say "other servers" they really mean "other servers in the
same domain."

--
Howard Fore, howard.f...@hofo.com
"The universe tends toward maximum irony. Don't push it." - Jeff Atwood


On Thu, Jun 25, 2009 at 6:51 AM, Clarke Bishop wrote:

>  Thanks Howard and Charlie!
>
>
>
> Like you said, I thought cookies were only available to the domain that set
> them. The way I read it, the CF documentation is misleading:
>
>
>
> *Domain*
>
> Domain in which cookie is valid and to which cookie content can be sent
> from the user's system. *By default, the cookie is only available to the
> server that set it. Use this attribute to make the cookie available to other
> servers.*
>
>
>
>
>
> I originally planned on using URL parameters, but had a problem with that
> approach.
>
>
>
> Thanks for the clarification!
>
>
>
>Clarke
>

RE: [ACFUG Discuss] cfcookie with the domain attribute

2009-06-25 Thread Clarke Bishop 
Thanks Howard and Charlie!

 

Like you said, I thought cookies were only available to the domain that set
them. The way I read it, the CF documentation is misleading:

 

Domain

Domain in which cookie is valid and to which cookie content can be sent from
the user's system. By default, the cookie is only available to the server
that set it. Use this attribute to make the cookie available to other
servers.

 

 

I originally planned on using URL parameters, but had a problem with that
approach.

 

Thanks for the clarification!

 

   Clarke

 

-Original Message-
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Charlie Arehart
Sent: Wednesday, June 24, 2009 9:12 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] cfcookie with the domain attribute

 

Yeah, adding to what Howard noted, the DOMAIN attribute isn't there for the

reason you're using it. It's instead for controlling use of cookies on that

"single domain" that's setting the cookie, but controlling whether and how

it works for any subdomains under it.

 

You can't simply name another domain (that's not the one setting it) and

hope that it can be read by that other domain. 

 

This really goes to an old and fundamental security feature built into

cookies. The designers specifically didn't WANT visitors to Server A to have

a cookie set there which would be read when the request got to Server B.

That could be abused by those wanting to track visits. Of course, there have

been many ways that people have gotten around that.

 

I guess if you really wanted to do it with cookies (rather than the URL

parms Howard recommends), you can pursue those alternatives. Just think like

(or search how to act like) a hacker. :-) 

 

/charlie

 

PS Hey Howard, if you're reading this, can you see if you got an email from

me, direct to you yesterday?

 

-Original Message-

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Howard Fore

Sent: Wednesday, June 24, 2009 7:13 PM

To: discussion@acfug.org

Subject: Re: [ACFUG Discuss] cfcookie with the domain attribute

 

Clark,

 

Cookies can only be set and read by a single domain. If you want to

pass the data to a second site, I'd suggest URL parameters.

 

 

 

 

-

To unsubscribe from this list, manage your profile @ 

http://www.acfug.org?fa=login.edituserform

 

For more info, see http://www.acfug.org/mailinglists

Archive @ http://www.mail-archive.com/discussion%40acfug.org/

List hosted by http://www.fusionlink.com

-

 

 




-
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-