Posted by Jerry Stuckle on 02/01/06 23:50
patilj@gmail.com wrote:
> OK, here's the deal.
>
> Let's say I got a website called:
> https://www.blah.com/~account/application/login.php
>
> When the user arrives they see a https which is more secure than just
> http alone.
> The problem for me is it is too slow because it's shared with others
> (but at least it's free), and I'm too cheap to shell out the money for
> my own, etc.
>
> The cookie when I check in firefox shows me it's associated with this
> domain name (www.blah.com).
>
> So I want to drop a cookie and then once it's in place, I want to
> switch over to
> the faster:
> http://www.mydomainname.com/application/login_submit.php
>
> The first url (at the beginning of this message) is what's provided by
> my webhost,
> and the domain name is obviously different from my own. That said I
> also believe
> that even if I used:
>
> http://www.blah.com/~account/application/login_submit.php (no https) it
> would still give
> me a problem because of the differences between http and https, no?
>
> When the cookie is written it references www.blah.com and not
> www.mydomainname.com.
>
> Is there a way that I can change this PATH and DOMAIN info on the fly
> AFTER the cookie has been written? I also tried writing the cookie
> with a Domain of just (.) and path of (/). This too was not taken.
>
> I'm sure there are plenty of other ways to get a login screen to work..
> but I'm curious
> about this specific point. It's my cookie, and it's my browser.. I
> don't see why there
> should be any hindrances on me deciding what happens to my cookie. He
> who makes it, gets to eat too right? :-)
>
First of all, you should wait for at least 24 hours for a response. All
of us here are volunteers, and many of us only get on once a day.

As for your problem. You can't share cookies between domains. The
browsers won't let you. And it's a good thing, also. Otherwise it
would be a huge security hole for one domain to be able to read another
domain's information!

And no, once the cookie has been written, it's at the user's browser.
All you can do is read it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
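
The scoping rules behind this answer, as an added example that is not part of the original thread: a simplified JavaScript model of the RFC 6265 storage and sending checks, run against the URLs from the question. The cookie name `sid`, the cookie path, the `secure` variant and the omission of public-suffix, IP-address and expiry handling are assumptions of the example.

```javascript
// RFC 6265 section 5.1.3: exact host match, or host ends with "." + domain.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// RFC 6265 section 5.1.4: cookie path must be a directory-wise prefix of the request path.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Storage step: returns the stored cookie, or null when the browser ignores the Set-Cookie.
function storeCookie(setterUrl, { name, value, domain = '', path = '/', secure = false }) {
  const host = new URL(setterUrl).hostname;
  const d = domain.toLowerCase().replace(/^\./, ''); // a leading dot is dropped
  if (d === '') {
    // No Domain attribute: host-only cookie bound to the host that set it.
    return { name, value, domain: host, hostOnly: true, path, secure };
  }
  if (!domainMatch(host, d)) return null; // a site may not name a domain it does not belong to
  return { name, value, domain: d, hostOnly: false, path, secure };
}

// Sending step: the browser attaches the cookie only if host, path and scheme all qualify.
function shouldSend(cookie, requestUrl) {
  const u = new URL(requestUrl);
  const hostOk = cookie.hostOnly ? u.hostname === cookie.domain
                                 : domainMatch(u.hostname, cookie.domain);
  const schemeOk = !cookie.secure || u.protocol === 'https:';
  return hostOk && pathMatch(u.pathname, cookie.path) && schemeOk;
}

// URLs taken from the question; cookie values are constructed for the example.
const LOGIN = 'https://www.blah.com/~account/application/login.php';
const OWN = 'http://www.mydomainname.com/application/login_submit.php';
const PLAIN = 'http://www.blah.com/~account/application/login_submit.php';

function demo() {
  const base = { name: 'sid', value: 'constructed', path: '/~account/' };
  const hostOnly = storeCookie(LOGIN, base);
  const secure = storeCookie(LOGIN, { ...base, secure: true });
  const foreign = storeCookie(LOGIN, { ...base, domain: 'www.mydomainname.com' });
  return {
    foreignStored: foreign !== null,                 // Domain of another site is refused
    toOwnDomain: shouldSend(hostOnly, OWN),          // never sent to the other domain
    toPlainHttp: shouldSend(hostOnly, PLAIN),        // same host over http: sent, in clear text
    secureToPlainHttp: shouldSend(secure, PLAIN),    // Secure flag keeps it off http
    secureToLogin: shouldSend(secure, LOGIN),
  };
}
console.log(demo());
```

In this model a cookie set without the Secure attribute is still sent to the same host over plain http, which is why a session cookie issued on the https login page should carry that attribute.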