At 11:17 PM 4/10/01 -0500, you wrote:

>Any cookie belongs to a particular server (domain name) - the most general that
>a domain spec is allowed to be is *.foo.com i.e. with a specified TLD and second
>level domain. The path can be anything, i.e. as general as "/". The browser will
>send back all cookies which match, most specific first.
>
>The domain constraint was designed as a privacy measure to prevent snarfing of
>cookie information that came from one site by other sites, and to stop people
>from tracking user behaviour across multiple unrelated sites; the latter of
>course was famously sidestepped by DoubleClick and all the ad banner guys by
>having an image on all participating sites fetched from their own server :-)
>Modern browsers are now starting to appear which have controls to inhibit the
>DoubleClick trick, e.g. only accepting cookies from the server that the main
>page came from.

I figured as much, which is why I approached setting multiple cookies (one
for each of the sites I need to get it to). However, the cookie name is the
same across all these sites. It appears Tomcat lets one set multiple
cookies with the same name but different paths. However, it doesn't seem to
apply to domains as well. Why can't I set two cookies in the same
HttpServletResponse with the same name but different domains?

-Mark
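
The domain constraint and "most specific first" ordering described in the quoted message, as an added example that is not part of the original thread: a simplified JavaScript model of a browser cookie jar following the domain-match and path-match rules of RFC 6265. The `CookieJar` class, the function names and the `.example` host names are constructed for illustration.

```javascript
// Simplified model of a browser cookie jar, following the domain-match and
// path-match rules of RFC 6265. Not modelled: public-suffix checks, IP hosts,
// Secure/HttpOnly, expiry. All host names used with it are constructed.

function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, ''); // a leading dot is ignored
  return host === domain || host.endsWith('.' + domain);
}

function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

class CookieJar {
  constructor() { this.cookies = []; this.clock = 0; }

  // Returns true if stored, false if rejected by the domain constraint.
  setCookie(requestHost, { name, value, domain, path = '/' }) {
    const hostOnly = !domain;
    // A server may only name a domain that its own host name falls under.
    if (!hostOnly && !domainMatch(requestHost, domain)) return false;
    const d = (hostOnly ? requestHost : domain).toLowerCase().replace(/^\./, '');
    // A cookie is identified by (name, domain, path): the same name with another
    // path or domain is a separate cookie; an identical triple is overwritten.
    this.cookies = this.cookies.filter(
      c => !(c.name === name && c.domain === d && c.path === path));
    this.cookies.push({ name, value, domain: d, path, hostOnly, created: this.clock++ });
    return true;
  }

  // Builds the Cookie header value for a request: longest path first.
  cookieHeader(requestHost, requestPath) {
    const h = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
      .filter(c => pathMatch(requestPath, c.path))
      .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}
```

In this model a response from `app.foo.example` can store same-named cookies for several paths and for the parent domain `foo.example`, but a `Set-Cookie` naming an unrelated domain is dropped by the receiving jar.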

