By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,796 Members | 1,205 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,796 IT Pros & Developers. It's quick & easy.

HELP: cookies / login screens / https / http / domain names, etc

P: n/a
OK, here's the deal.

Let's say I got a website called:
https://www.blah.com/~account/application/login.php

When the user arrives they see a https which is more secure than just
http alone.
The problem for me is it is too slow because it's shared with others
(but at least it's free), and I'm too cheap to shell out the money for
my own, etc.

The cookie when I check in firefox shows me it's associated with this
domain name (www.blah.com).

So I want to drop a cookie and then once it's in place, I want to
switch over to
the faster:
http://www.mydomainname.com/applicat...gin_submit.php

The first url (at the beginning of this message) is what's provided by
my webhost,
and the domain name is obviously different from my own. That said I
also believe
that even if used:

http://www.blah.com/~account/applica...gin_submit.php (no https) it
would still give
me a problem because of the differences between http and https, no?

When the cookie is written it references www.blah.com and not
www.mydomainname.com.

Is there a way that I can change this PATH and DOMAIN info on the fly
AFTER the cookie has been written? I also tried writing the cookie
with a Domain of just (.) and path of (/). This too was not taken.

I'm sure there are plenty of other ways to get a login screen to work..
but I'm curious
about this specific point. It's my cookie, and it's my browser.. I
don't see why there
should be any hinderances on me deciding what happens to my cookie. He
who makes it, gets to eat too right? :-)

Feb 1 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a
bump.

Feb 1 '06 #2

P: n/a
pa****@gmail.com wrote:
OK, here's the deal.

Let's say I got a website called:
https://www.blah.com/~account/application/login.php

When the user arrives they see a https which is more secure than just
http alone.
The problem for me is it is too slow because it's shared with others
(but at least it's free), and I'm too cheap to shell out the money for
my own, etc.

The cookie when I check in firefox shows me it's associated with this
domain name (www.blah.com).

So I want to drop a cookie and then once it's in place, I want to
switch over to
the faster:
http://www.mydomainname.com/applicat...gin_submit.php

The first url (at the beginning of this message) is what's provided by
my webhost,
and the domain name is obviously different from my own. That said I
also believe
that even if used:

http://www.blah.com/~account/applica...gin_submit.php (no https) it
would still give
me a problem because of the differences between http and https, no?

When the cookie is written it references www.blah.com and not
www.mydomainname.com.

Is there a way that I can change this PATH and DOMAIN info on the fly
AFTER the cookie has been written? I also tried writing the cookie
with a Domain of just (.) and path of (/). This too was not taken.

I'm sure there are plenty of other ways to get a login screen to work..
but I'm curious
about this specific point. It's my cookie, and it's my browser.. I
don't see why there
should be any hinderances on me deciding what happens to my cookie. He
who makes it, gets to eat too right? :-)


First of all, you should wait for at least 24 hours for a response. All
of us here are volunteers, and many of us only get on once a day.

As for your problem. You can't share cookies between domains. The
browsers won't let you. And it's a good thing, also. Otherwise it
would be a huge security hole for one domain to be able to read another
domain's information!

And no, once the cookie has been written, it's at the user's browser.
All you can do is read it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 1 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.