httpd-dev mailing list archives

From dgau...@hotwired.com (Dean Gaudet)
Subject Re: multiple Set-Cookies (was Re: require-client functionality)
Date Wed, 08 May 1996 06:21:53 GMT
In article <199605072046.AA107722004@ooo.lanl.gov> you write:
>the other alternative is to package all the cookies into one Set-Cookie
>header... do you need 3 cookie headers or can you manage with 1 header
>containing 3 pieces of information?

Neither Netscape nor MSIE understand multiple cookies on one Set-Cookie
header.  So you need to send three headers.  I wish I could find the
time to do this right -- because I need it in the hotwired server.  If
you want to see a cookie mess, go visit our site.  We spam you with a p
cookie on each request (to detect "bad" proxies).

Other Cookie tidbits:

domain=.foobar.com  is the only accepted wildcarded domain name

MSIE does not respect Set-Cookie in combination with Location
    (latest version)
Netscape (all versions) does respect Set-Cookie with Redirects

    That one pissed me off -- you can imagine the tricks you can
    pull using redirects and set-cookies and funky URLs.  In fact
    I could eliminate that stupid p cookie, and I could pass cookies
    between distinct domains easily.

Ya know, adhering to 1.1 is fine and all... but there's a lot of existing
practice it might be worth considering.

Dean
P.S. Don't ask me about the sanity of using cookies for "authentication".
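
An added example, not part of the original message and not Apache code: a Python sketch that emits one Set-Cookie header per cookie, as the message says browsers require, and flags any Set-Cookie value into which several cookies have been folded. The cookie names and values are constructed, and the comma-splitting rule is a heuristic that assumes cookie values themselves contain no commas.

```python
import re

# Constructed sample cookies: (name, value, attributes). Values are made up.
COOKIES = [
    ("p", "abc123", {"Path": "/"}),
    ("session", "xyz", {"Path": "/", "Expires": "Fri, 31 Dec 1999 23:59:59 GMT"}),
    ("theme", "dark", {"Domain": ".foobar.com"}),
]


def set_cookie_headers(cookies):
    """Return one ("Set-Cookie", value) pair per cookie, never a folded list."""
    headers = []
    for name, value, attrs in cookies:
        parts = [f"{name}={value}"] + [f"{k}={v}" for k, v in attrs.items()]
        headers.append(("Set-Cookie", "; ".join(parts)))
    return headers


# A comma begins a new cookie only when it is followed by "token=".
# The comma inside an Expires date ("Fri, 31 Dec ...") is followed by
# "31 " and therefore is not treated as a separator.
_NEXT_COOKIE = re.compile(r",\s*(?=[^;,=\s]+=)")


def split_folded(value):
    """Split a comma-folded Set-Cookie value into individual cookie strings."""
    return [c.strip() for c in _NEXT_COOKIE.split(value)]


def folded_headers(headers):
    """Return the Set-Cookie values that carry more than one cookie."""
    return [
        v for k, v in headers
        if k.lower() == "set-cookie" and len(split_folded(v)) > 1
    ]


if __name__ == "__main__":
    good = set_cookie_headers(COOKIES)
    for k, v in good:
        print(f"{k}: {v}")
    # What a header-merging intermediary or framework might produce instead.
    bad = [("Set-Cookie", ", ".join(v for _, v in good))]
    print("folded values:", folded_headers(bad))
```

The same check can run over captured response headers to catch middleware or proxies that merge repeated Set-Cookie lines into one.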
