Deron Meranda
deron.meranda at gmail.com
Mon Mar 20 17:57:34 EST 2006
On 3/20/06, Kevin Wang <kwang at activegrid.com> wrote:
> Looks like mod_python never sets the domain name in "Set-Cookie" header, but
> both firefox and IE browsers are smart enough to assume that the cookie
> belongs to the host requested.

Actually that's what the standards demand that the browsers do;
it's not just a coincidence.

Set-Cookie is actually somewhat dated and is documented in
RFC 2109 - http://www.ietf.org/rfc/rfc2109.txt

Set-Cookie2 is the current standard as documented in
RFC 2965 - http://www.ietf.org/rfc/rfc2965.txt

However Set-Cookie2, while technically superior, is not as
widely understood by browsers. So mod_python sticks with
Set-Cookie.

> However, in the case of request coming from an IE frame, it no longer works!
> I have no idea why it doesn't work in an IE frame.

Hmm. Are you using cross-domain frames or anything complicated?

> To me, the right solution should be that mod_python always sets the domain
> name if one is passed in.

You of course can always dive into lower-level code. For instance
mod_python's Cookie module does let you get at the domain attribute,
which you can set however you like. (Not to mention Python's own
Cookie/Morsel classes)

--
Deron Meranda
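
The default-versus-explicit Domain behaviour discussed in this message, as an added example that is not part of the original post or of mod_python: it uses Python 3's `http.cookies` (the successor to the `Cookie` module mentioned) and a simplified model of the browser storage rule from the later RFC 6265. The host names, cookie values and helper functions are constructed for illustration, and public-suffix checks are omitted.

```python
from http.cookies import SimpleCookie

def build_set_cookie(name, value, domain=None):
    """Build a Set-Cookie value; Domain is emitted only when passed in."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    if domain:
        jar[name]["domain"] = domain
    return jar[name].OutputString()

def domain_match(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def cookie_scope(header_value, request_host):
    """Model how a browser stores the cookie: (domain, host_only) or None."""
    jar = SimpleCookie()
    jar.load(header_value)
    morsel = next(iter(jar.values()))
    domain = morsel["domain"].lstrip(".")
    if not domain:
        # No Domain attribute: the cookie is bound to the exact requesting host.
        return request_host.lower(), True
    if not domain_match(request_host, domain):
        # A Domain that does not cover the requesting host is rejected.
        return None
    # Explicit Domain: the cookie is also sent to every subdomain.
    return domain.lower(), False

def would_send(scope, host):
    """Would a browser attach a cookie stored with this scope to `host`?"""
    domain, host_only = scope
    if host_only:
        return host.lower() == domain
    return domain_match(host, domain)

if __name__ == "__main__":
    # Constructed sample: same cookie, with and without an explicit Domain.
    for dom in (None, "example.test"):
        header = build_set_cookie("sid", "abc123", dom)
        scope = cookie_scope(header, "app.example.test")
        print(header, scope, would_send(scope, "other.example.test"))
```

Always emitting Domain is therefore not a neutral change: it widens a session cookie from one host to every sibling host under that domain.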