Cookie Specification Vulnerabilities
Subject:   Mistakes?
Date:   2004-04-01 23:18:16
From:   rajuvarghese1
I noticed two things in your article that I believe are mistakes:

1. In the sentence "We will not consider client-side solutions, ... that your hosting provider may not make available". Didn't you mean server-side solutions?

2. When explaining the domain keyword in the cookie header, you say "This works only with COM, EDU, NET, ORG, GOV, MIL, and INT. It does not work in regional or other zones". Is this really true? Do you mean to say that cookie headers that contain the domain keyword, if the domain is "" for example, will not set a cookie?