dveditz and I talked about this some today. Neither of us are altogether happy
with the Opera solution. Major drawbacks: 1) performance penalties resulting
from DNS delays, and 2) it fails in many cases.
The .tv domain is particularly interesting. It seems that if you load http://co.tv/, you get to a site advertizing registration of subdomains of
co.tv. Moreover, .tv is used just like .com by corporations (e.g., http://www.nbc4.tv/). So, the Opera solution fails for the .tv domain :-(
One solution that dveditz mentioned was to devise a way to inform the server (or
script in the page) of the domain for which a cookie is set. That way, sites
would be able to filter out bogus domain cookies. This could be done using a
new header or by perhaps modifying the Cookie header to expose this information.
We'd also want a new DOM API for exposing the information as well. dveditz
thought it would be ideal if we exposed a list of structures to JS instead of a
simple cookie string like we do for document.cookies. That way JS would not
have to parse out the cookie information.
> darin is working with the opera suggestions...
dveditz and I talked about this some today. Neither of us are altogether happy
with the Opera solution. Major drawbacks: 1) performance penalties resulting
from DNS delays, and 2) it fails in many cases.
The .tv domain is particularly interesting. It seems that if you load co.tv/, you get to a site advertizing registration of subdomains of www.nbc4. tv/). So, the Opera solution fails for the .tv domain :-(
http://
co.tv. Moreover, .tv is used just like .com by corporations (e.g.,
http://
One solution that dveditz mentioned was to devise a way to inform the server (or
script in the page) of the domain for which a cookie is set. That way, sites
would be able to filter out bogus domain cookies. This could be done using a
new header or by perhaps modifying the Cookie header to expose this information.
We'd also want a new DOM API for exposing the information as well. dveditz
thought it would be ideal if we exposed a list of structures to JS instead of a
simple cookie string like we do for document.cookies. That way JS would not
have to parse out the cookie information.