[Zope] [sort-of offtopic] cookies, http, and https.
Anthony Baxter
anthony@interlink.com.au
Thu, 15 Jul 1999 22:39:16 +1000
[kinda not related directly to zope, but indirectly, it is the sort of
thing that people using zope are likely to hit. hit 'delete' if you're
easily offended by off-topicness]
Ok, so I have a number of sites in the domain ekno.lonelyplanet.com.
I want to share cookies amongst them, so that the user only has to log in
once, and the cookies (with a 30 minute lifetime) will pass that on to the
others.
Problem: one of the sites is http, the other https. Setting a cookie from
the http site with a domain of '.ekno.lonelyplanet.com' _should_ result
in it also being delivered to the https site, but doesn't.
As far as I can tell, both Navigator and IE are refusing to send the cookie
set from the http site to the https site. Presumably this is some poor idea
of security.
Has anyone else seen this, and, more importantly, has anyone else found
a workaround?
Thanks,
Anthony.