Posted by Gordon Burditt on 11/11/58 11:19

>> Session IDs are normally stored in cookies. A cookie in the XYZ
>> domain shouldn't be passed to you in the DEF domain. However, you
>> can't count on users not manually inserting cookies into their
>> browsers.
>
>I didn't make it clear: other users are able to post websites on our
>intranet server (in other directories, of course). Thus they would be
>writing cookies on the same domain.

So maybe you should get your own domain for this purpose. A subdomain
of your current domain might work (e.g. www2.mydomain.com). Since
you've only got one webserver, you're stuck with that, but Apache
does virtualhosting nicely. I don't recall the rules about passing
cookies between parent domains and subdomains.

Gordon L. Burditt

[Back to original message]