Cookies: security

Daniel Silverstone dsilvers at
Thu Jun 29 12:45:01 BST 2006

On Wed, 2006-06-28 at 19:01 +0100, John-Mark Bell wrote:
> Sourceforge, 
> otoh, tries to set a domain cookie for from a host 
> By my reading of the spec, this contradicts the 3rd item 
> of the list.

I strongly believe that while strictly speaking does not
domain-match -- It was the intention of the authors that it
would. It seems quite reasonable for to set a cookie for
'all sites from down' as it were. Thus I'd suggest that
BAR domain-matches .BAR is reasonable.


Daniel Silverstone           
PGP mail accepted and encouraged         Key ID: 2BC8 4016 2068 7895

More information about the netsurf-dev mailing list