NYCPHP Meetup

[nycphp-talk] Domains and cookies

Chris Shiflett shiflett at php.net
Tue Feb 4 10:19:30 EST 2003


--- betenoir at echonyc.com wrote:
> In further testing we discovered that the problem is
> related to whether the "read cookie" page is called
> from its own window or from within a frameset at
> another domain. The former works, the latter doesn't.

The latter is exactly the type of thing I was referring to
as a third-party cookie. Meaning, while the request is sent
separately, and it seems like the cookie would be sent as
well, the browser treats it differently if the resource
being requested is not the parent resource (what shows up
in your browser's Location bar at the top). It will
probably work in anything but IE 6.0, and it should (as I
understand the policy) work in everything as long as your
"read cookie" page is P3P compliant. The W3C's site has
some great resources for verifying your compliance:

http://www.w3.org/P3P/

> And you are "creating" a Set-Cookie header rather than
> simply writing to a cookie?

There is no such thing really as writing to a cookie. When
you "set" a cookie using the function, it just generates a
Set-Cookie header according to the values you pass the
function. Like Hans, I tend to prefer to send my own
manually.

Chris



More information about the talk mailing list