[ic] secure server

msquared msquared@digitalwizards.com.au
Tue, 9 Jan 2001 10:59:51 +0800

On Mon, Jan 08, 2001 at 03:27:37PM -0800, Jason Ballou wrote:

> I've found that when using the newest versions of IE
> and Netscape, the cart contents are dropped when you
> go to the secure server if the domain names do not
> match.  No idea why,

That'll be because you can't move cookies from one domain to another.  If
the cookie domain is set correctly, though, I think you could do it.  Say
your hosts were:


If you set your cookie for shoppingplace.com instead of
www.shoppingplace.com, then I *think* secure.shoppingplace.com can also
see it.  Anyone care to confirm this?

There is a special case of a cookie exploit that can violate these rules,


Regards, /|/|
        /   | (MSquared)
M Squared  <msquared@digitalwizards.com.au>
Product development
Digital Wizards