>Getting site B to create cookies that can be read by >site A (an additional feature for browsers to support - and, again, >why?) but not by any other sites, would be much trickier.
And, in case you're still determined to enable it anyway: http://shiflett.org/articles/session-fixation That's the security reason why not to ;) -Shade _______________________________________________ security mailing list [email protected] http://openid.net/mailman/listinfo/security
