[wp-hackers] Site URL change 'bug'?

Robert Deaton false.hopes at gmail.com
Mon Oct 25 19:24:31 UTC 2004 

Well, one solution to this is to not use the www. at all, and it is a
very good idea on various levels, including the laziness of many now
adays, and the tendancy to leave out the www. all together, and
because it simply isn't the greatest idea (for more info on this, see
the various no-www sites out there, i'm sure google knows about them).
If you insist on keeping the www. then its a good idea to set www as a
subdomain and have everything redirected to it with a rewrite rule,
that way you still get the cookies no matter what.


On Mon, 25 Oct 2004 11:24:55 -0700, John Watson <johnw1 at gmail.com> wrote:
> On Tue, 26 Oct 2004 04:14:54 +1000, Murray @ PlanetThoughtful
> <lists at planetthoughtful.org> wrote:
> > Hi John,
> >
> > Thank you for pointing me to this!
> >
> > I've been wondering, is there a point to dynamically deriving the cookie
> > hash from the site url during normal operation?
> >
> > Would it be possible to derive the cookie hash at install, and store it in a
> > table and simply use that regardless of the address being used to access the
> > blog? Alternatively, simply generate a random 32 char string (ie
> > md5(uniqid(rand(),1)) ) at time of install and use that in a similar way?
> 
> The hash itself isn't the problem in this case.  The web browser is
> trying to protect your privacy by only sending cookies back to the web
> site they originated from.  The web browser simply won't send back any
> cookies saved to www.planetthoughtful.com if you are on
> planetthoughtful.com because www is more specific.  Also, for example,
> cookies saved to planetthoughtful.org will not be sent to
> planetthoughtful.com because the top level domain is different.  If
> you want your cookie then you need to be browsing on the same url as
> you were when the cookie was saved (in general).
> 
> There is an exception where it is possible to save cookies at the
> second-level if you are on a third-level domain.  For example, all
> cookies at www.planetthoughtful.com could be saved at
> planetthoughtful.com (instead of at the www) level.  This makes the
> cookie available to both the www and the non-www domain.  This would
> require a change in how wordpress saves the cookie.
> 
> --
> John
> http://flagrantdisregard.com/
> 
> 
> 
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
> 


-- 
--Robert Deaton
http://false-hopes.com/

Linux is not an operating system, its a way of life.

More information about the hackers mailing list