| Re: cookies for the whole domain [message #16166 is a reply to message #16162] |
Sat, 17 January 2004 00:27   |
 |
Wild_Cat
Messages: 144
Registered: November 2002
Location: Odessa, Ukraine
Karma:
|
Senior Member |
|
|
I didn't mean max settings in IE, I meant accept all cookies from this site in Mozilla cookie manager & inclusion in trusted sites in IE, both browsers security for cookies is set to accept cookies for the domain they are sent from - that's my level, but I just added localhost as especially trusted sites when I had login problems yet with local version of 2.5.0. Opera set to accept all cookies from all sites does not even try to create the cookie, it seems - no error alerts for invalid paths or domains... nothing as if the cookie was not being sent
(Well, I wander too why is that your installer is leaving domain empty if it shouldn't be done  )
I am running for now 2.6.0 on localhost (no wish to experiment with alive forum)
Here is what I have for cookies while path is set to / & domain left empty (working logins):
Set-Cookie: fud_session_148542139=59d490552689e2c4546ca5cf43a7ec2b; expires=Fri, 30-Jan-04 22:20:21 GMT; path=/[/face]
response
Cookie: fud_session_148542139=59d490552689e2c4546ca5cf43a7ec2b[/face]
If I set path to / & domain to localhost while the cookie still exists, I can login & all OK. But if I destroy the cookie with such settings the cookie doesn't want to be set:
Set-Cookie: fud_session_148542139=7d7a7013f5cd56045f0e4c83bd167075; expires=Fri, 30-Jan-04 22:36:34 GMT; path=/; domain=localhost
[/face]
and that's all, no new cookie appears in my browser!
The same thing happens when path is set to /forum/ anyway!
Set-Cookie: fud_session_148542139=f8e46c57174d2f3b2c7aa0965b1365fd; expires=Fri, 30-Jan-04 22:39:24 GMT; path=/forum/; domain=localhost[/face]
So if the cookie does not already exist, it doesn't want to be created this way!
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
LiveHHTP Headers extension for Mozilla used (I don't know how to capture them otherwise)
But what browsers are having problems with omitting the domain if they should use the same domain wich sets the cookies according to standards? Or is it a security issue? Or localhost one?...
Lady of Avalon
[Updated on: Sat, 17 January 2004 01:01] Report message to a moderator |
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]