[Zope-CMF] Incorrect domain on cookie.

Tres Seaver tseaver@palladion.com
Tue, 05 Jun 2001 15:40:44 -0400


Jeff wrote:

> Sorry to be a pest, but does anyone have any ideas about this?
> I would hate to put some hack in to get around this only to find out later
> that  I just did not understand something...


When your code calls 'REQUEST["RESPONSE"].setCookie( name, value )', you
can also pass along additional keyword arguments, particularly:

  expires -- expiration date for the cookie (defaults to end of browser 
session)

  domain -- domain across which the cookie should be honored (defaults 
to the TLD
            and first sub-domain of the SERVER_NAME).

  path -- sub-path within a site in which the cookie should be honored 
(defaults
          to '/', I *think*, but some browsers may do this differently)

  max_age -- dunno, see the spec

  comment -- dunno, see the spec

  secure -- should the cookie only be passed across HTTPS connections.

So, you can invoke:

   context.REQUEST['RESPONSE'].setCookie( name='foo'
                                        , value='bar'
                                        , path=context.portal_url()
                                        , domain='mydomain.com'
                                        )

and you should get what you expect.

Notes:

  - The "pseudo-spec" is at:

     http://home.netscape.com/newsref/std/cookie_spec.html

  - The "draft spec" is:

     http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html

  - I think this RFC may be superseded by:

     ftp://ftp.isi.edu/in-notes/rfc2965.txt

Tres.
--
===============================================================
Tres Seaver                                tseaver@digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org