Domains and cookies

betenoir at betenoir at
Tue Feb 4 01:18:14 EST 2003

a from page to page.
>> >
>> >I'm not sure what inconsistencies you are speaking about,
>> >but perhaps your observations are related to third-party
>> >cookies from sites that are not P3P-compliant. I believe IE
>> >requires (by default) P3P compliance from third-party sites
>> >wishing to set a cookie.
>> Are you referring to having a privacy policy? We've done that.  But it's
>> not the third party that's setting the cookie. The problem is retrieving
>> the cookie that we set when we return to our domain *from* the third party.
>> >Maybe that helps explain something.

>The only similar behaviour I've seen is with correctly forming the expire
>time.  I've found different behavior between Mozilla and IE, for example,
>although I'm sorry I can't remember exactly what it was.  And since it's a
>time issue, this may relate to why it works "now", and not "then."  I'm sorry
>I can't remember many details, but here is some stuff I've ripped, totally
>out of context, from some old code:
>/***  NOTES
>   setcookie('psyn',pACK,time()+3600,'/','',0);
>   header('Refresh: 5;url='.pAUTH_URL_LOGIN);
>   We need to be aware about DOMAIN and Location stuff.  For instance, we
>were getting redirected to and so the cookies didn't stick on
>the redirect.  And, although there is talk that Location: doesn't work right,
>it's been working, although we may run into a case where Refresh: is needed
>   NOTE: This doesn't work right under NN 4.7
>/** This begins to implement TCP style SYN/ACK seq behavior for session ids
>      define('pACK', substr(microtime(),2,8).time());
>      if( empty($_COOKIE['psyn']) )
>         define('pSYN', 0);
>      else
>         define('pSYN', $_COOKIE['psyn']);
>      header('Set-Cookie: psyn='.pACK.'; domain=.'.PARASITE_DOMAIN.';
>I've also had better luck using header() and forming my Set-Cookie header
>manually.  Hopefully I didn't confuse things,

In further testing we discovered that the problem is related to whether the
"read cookie" page is called from its own window or from within a frameset
at another domain. The former works, the latter doesn't.

If I understand your code correctly:

	pACK resolves to the cookie value and expiration?
	pSYN is the name of cookie?
	PARASITE_DOMAIN is a variable that holds the domain parameter?

And you are "creating" a Set-Cookie header rather than simply writing to a

Thanks again.
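
The quoted reply mentions forming the Set-Cookie header by hand with header() and getting the expire time right. The following is an added example, not code from the thread or from either poster: it shows one way to build that header with a GMT expiry and a leading-dot domain while refusing input that could break out of the header line. The function name build_set_cookie(), the domain example.com and the sample values are assumptions made for illustration.

```php
<?php
// Added example; build_set_cookie() and all sample values are hypothetical.

/**
 * Build a Set-Cookie header line by hand.
 * $domain is given without the leading dot; one is added so that every
 * host under that domain receives the cookie. An empty $domain omits the
 * attribute, which limits the cookie to the host that set it.
 */
function build_set_cookie(string $name, string $value, int $expires,
                          string $domain = '', string $path = '/'): string
{
    // Cookie names must be HTTP tokens: no separators, spaces or controls.
    if (!preg_match('/^[A-Za-z0-9!#$%&\'*+.^_`|~-]+$/', $name)) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    // Domain and path are copied verbatim, so refuse anything that could
    // end the attribute or the header line (header injection).
    foreach ([$domain, $path] as $attr) {
        if (preg_match('/[;,\s\x00-\x1f\x7f]/', $attr)) {
            throw new InvalidArgumentException('invalid cookie attribute');
        }
    }
    // Netscape-style date, always expressed in GMT:
    // Wdy, DD-Mon-YYYY HH:MM:SS GMT
    $when = gmdate('D, d-M-Y H:i:s', $expires) . ' GMT';

    // rawurlencode() keeps ";", ",", whitespace and CR/LF out of the value.
    $line = sprintf('Set-Cookie: %s=%s; expires=%s; path=%s',
        $name, rawurlencode($value), $when, $path);
    if ($domain !== '') {
        $line .= '; domain=.' . ltrim($domain, '.');
    }
    return $line;
}

// Constructed sample: a one-hour cookie shared across *.example.com.
$line = build_set_cookie('psyn', 'sample-token', time() + 3600, 'example.com');
echo $line, "\n";

// In a web request the line would be sent with:
// header($line, false);  // false: do not replace other Set-Cookie headers
```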

