Experiment cookie domains
7 views
Skip to first unread message
Steve Hill
Oct 12, 2016, 12:51:24 PM10/12/16
to mod-pagesp...@googlegroups.com
I was just poked from Triton about a case where our experiment cookie was leaking from foo.com into bar.foo.com.
How would people feel about removing the domain from cookie? My understanding is that this will tie it to the exact host only. The only downside I see (assuming I read the RFC right) is that cookies will no longer propagate from foo.com -> www.foo.com. However it's true that they never went from www -> .
Jeff Kaufman
Oct 13, 2016, 11:39:38 AM10/13/16
to mod-pagespeed-discuss
Fine with me.
It looks like it won't fix it for (old versions of?) IE though:
https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/
(Q1 and Q3)
> --
> You received this message because you are subscribed to the Google Groups
> "mod-pagespeed-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to mod-pagespeed-di...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/mod-pagespeed-discuss/CAGYhEJJWXYe2abDRdhk7dn36FDLKSYhkBSND7du-676bR%3DacBQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
It looks like it won't fix it for (old versions of?) IE though:
https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/
(Q1 and Q3)
> You received this message because you are subscribed to the Google Groups
> "mod-pagespeed-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to mod-pagespeed-di...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/mod-pagespeed-discuss/CAGYhEJJWXYe2abDRdhk7dn36FDLKSYhkBSND7du-676bR%3DacBQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages