[wp-hackers] Site URL change 'bug'?
John Watson
johnw1 at gmail.com
Mon Oct 25 18:24:55 UTC 2004
On Tue, 26 Oct 2004 04:14:54 +1000, Murray @ PlanetThoughtful
<lists at planetthoughtful.org> wrote:
> Hi John,
>
> Thank you for pointing me to this!
>
> I've been wondering, is there a point to dynamically deriving the cookie
> hash from the site url during normal operation?
>
> Would it be possible to derive the cookie hash at install, and store it in a
> table and simply use that regardless of the address being used to access the
> blog? Alternatively, simply generate a random 32 char string (ie
> md5(uniqid(rand(),1)) ) at time of install and use that in a similar way?
The hash itself isn't the problem in this case. The web browser is
trying to protect your privacy by only sending cookies back to the web
site they originated from. The web browser simply won't send back any
cookies saved to www.planetthoughtful.com if you are on
planetthoughtful.com because www is more specific. Also, for example,
cookies saved to planetthoughtful.org will not be sent to
planetthoughtful.com because the top level domain is different. If
you want your cookie then you need to be browsing on the same url as
you were when the cookie was saved (in general).
There is an exception where it is possible to save cookies at the
second-level if you are on a third-level domain. For example, all
cookies at www.planetthoughtful.com could be saved at
planetthoughtful.com (instead of at the www) level. This makes the
cookie available to both the www and the non-www domain. This would
require a change in how wordpress saves the cookie.
--
John
http://flagrantdisregard.com/
More information about the hackers
mailing list