[TYPO3-core] RFC #13470: Session/Login not working in IE8 across subdomains
Sigfried Arnold
s.arnold at rebell.at
Thu Feb 25 16:35:18 CET 2010
Am 12.02.2010 10:22, schrieb Ernesto Baschny [cron IT]:
> 2) Visit once "domain.com" (without the subdomain)
> 3) Change to "www.domain.com"
example.com and www.example.com are two different authorities - if
someone has a cookie for one, he should not have one for the other
domain (technicaly) - see RFC 2965 for details.
if the cookie is set for ".example.com" it should be valid for
www.example.com too, bit if it's set explicit for "example.com" it
should not be valid on "www.example.com".
it's quite common that www. subdomain and second level domain got the
same content - but its also possible, that both are completly different.
so - i vote for a clear -1 for this patch (in technical manner) - TYPO3
should comply with RFCs - especialy if they are HTTP-Relevant)
btw: you should really use RFC 2606 compilant domains for example
purposes ;)
More information about the TYPO3-team-core
mailing list