Re: Session tracking

Lou Montulli (
Thu, 20 Apr 1995 19:40:15 +0500

On Apr 19, 11:04pm, Larry Masinter wrote:
> Subject: Re: Session tracking
> > o The "domain" attribute, if present, specifies a server domain in
> > form of a TCP/IP domain name. Note that the domain acts as a tail
> > mask. All hosts within the specified domain will recieve the cookie
> > on subsequent requests. Only hosts within the specified domain can
> > set a cookie for a domain and domains must have at least two (2)
> > periods in them to prevent domains of the form: ".com" and ".edu".
> > "" is an example of a valid domain.
> Is this a necessary feature? If it isn't reliable and can be abused,
> it would be best to avoid it.

This is a necessary feature for any large site wishing to make use
of cookies. Since you often want to run multiple machines this
allows the cookie to be shared among those multiple machines. For
instance you may want have all your shopping pages an a machine
that only serves static pages and then have the acually buying or
checkout process on another machine that is specifically geared
for cgi processing.


Lou Montulli       
       Netscape Communications Corp.