Thanks Howard and Charlie!
Like you said, I thought cookies were only available to the domain that set
them. The way I read it, the CF documentation is misleading:
Domain
Domain in which cookie is valid and to which cookie content can be sent from
the user's system. By default, the cookie is only available to the server
that set it. Use this attribute to make the cookie available to other
servers.
I originally planned on using URL parameters, but had a problem with that
approach.
Thanks for the clarification!
Clarke
-Original Message-
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Charlie Arehart
Sent: Wednesday, June 24, 2009 9:12 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] cfcookie with the domain attribute
Yeah, adding to what Howard noted, the DOMAIN attribute isn't there for the
reason you're using it. It's instead for controlling use of cookies on that
"single domain" that's setting the cookie, but controlling whether and how
it works for any subdomains under it.
You can't simply name another domain (that's not the one setting it) and
hope that it can be read by that other domain.
This really goes to an old and fundamental security feature built into
cookies. The designers specifically didn't WANT visitors to Server A to have
a cookie set there which would be read when the request got to Server B.
That could be abused by those wanting to track visits. Of course, there have
been many ways that people have gotten around that.
I guess if you really wanted to do it with cookies (rather than the URL
parms Howard recommends), you can pursue those alternatives. Just think like
(or search how to act like) a hacker. :-)
/charlie
PS Hey Howard, if you're reading this, can you see if you got an email from
me, direct to you yesterday?
-Original Message-
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Howard Fore
Sent: Wednesday, June 24, 2009 7:13 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] cfcookie with the domain attribute
Clark,
Cookies can only be set and read by a single domain. If you want to
pass the data to a second site, I'd suggest URL parameters.
-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-
-
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-