You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mark Diggory <md...@latte.harvard.edu> on 2001/04/11 01:39:09 UTC
Cookies with same name but different domains
I'm trying to set multiple cookies with the same name and path, but with
different Domains in a HttpServletResponse. Is this possible? I never see
anything but the first cookie I add. According to the Sun Servlet Spec, I
can't do this. But I've see posts suggesting I can. Is this possible with
Tomcat?
Otherwise, is there a method by which I can set a cookie that will go to
all domains/paths?
-Mark Diggory
Re: Cookies with same name but different domains
Posted by Mark Diggory <md...@latte.harvard.edu>.
At 11:17 PM 4/10/01 -0500, you wrote:
>Any cookie belongs to a particular server (domain name) - the most general
>that
>a domain spec is allowed to be is *.foo.com i.e. with a specified TLD and
>second
>level domain. The path can be anything, i.e. as general as "/" The browser
>will
>send back all cookies which match, most specific first.
>
>The domain constraint was designed as a privacy measure to prevent snarfing of
>cookie information that came from one site by other sites, and to stop people
>from tracking user behaviour across multiple unrelated sites; the latter of
>course was famously sidestepped by DoubleClick and all the ad banner guys by
>having an image on all participating sites fetched from their own server :-)
>Modern browsers are now starting to appear which have controls to inhibit the
>DoubleClick trick, e.g. only accepting cookies from the server that the main
>page came from.
I figured as much. Which is why I approached setting multiple cookies (one
for each of the sites I need to get it to, however, the cookie name is the
same across all these sites, it appears tomcat lets one set multiple
cookies with the same name but different paths. However, it doesn't seem to
apply to domain's as well, why can't I set two cookies in the same
HttpServletResponse with the same name but different domains?
-Mark
Re: Cookies with same name but different domains
Posted by David Crooke <da...@convio.com>.
Any cookie belongs to a particular server (domain name) - the most general that
a domain spec is allowed to be is *.foo.com i.e. with a specified TLD and second
level domain. The path can be anything, i.e. as general as "/" The browser will
send back all cookies which match, most specific first.
The domain constraint was designed as a privacy measure to prevent snarfing of
cookie information that came from one site by other sites, and to stop people
from tracking user behaviour across multiple unrelated sites; the latter of
course was famously sidestepped by DoubleClick and all the ad banner guys by
having an image on all participating sites fetched from their own server :-)
Modern browsers are now starting to appear which have controls to inhibit the
DoubleClick trick, e.g. only accepting cookies from the server that the main
page came from.