At 14:39 15/07/99 , Anthony Baxter wrote:
Ok, so I have a number of sites in the domain ekno.lonelyplanet.com.
I want to share cookies amongst them, so that the user only has to log in once, and the cookies (with a 30 minute lifetime) will pass that on to the others.
Problem: one of the sites is http, the other https. Setting a cookie from the http site with a domain of '.ekno.lonelyplanet.com' _should_ result in it also being delivered to the https site, but doesn't.
As far as I can tell, both Navigator and IE are refusing to send the cookie set from the http site to the https site. Presumably this is some poor idea of security.
Has anyone else seen this, and, more importantly, has anyone else found a workaround?
I have no direct experience with this, but maybe this will help: You can add the flag 'secure' to your cookie, signalling it can be transmitted over a secure channel. You might have to set the cookie twice, one with, and one without the 'secure' flag. Not sure if this will work... Have a look at the original propoposal from Netscape for more info (yeah right): http://home.netscape.com/newsref/std/cookie_spec.html -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | Tel: +31-35-7502100 Fax: +31-35-7502111 | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------