FIX: Cookies Can Be Set for Generic Domain Names (217043)
The information in this article applies to:
- Microsoft Internet Explorer (Programming) 2.0
- Microsoft Internet Explorer (Programming) 2.01
- Microsoft Internet Explorer (Programming) 2.1
- Microsoft Internet Explorer (Programming) 3.0
- Microsoft Internet Explorer (Programming) 3.01
- Microsoft Internet Explorer (Programming) 3.02
- Microsoft Internet Explorer (Programming) 4.0
- Microsoft Internet Explorer (Programming) 4.01
- Microsoft Internet Explorer (Programming) 4.01 SP1
This article was previously published under Q217043 SYMPTOMS
Web sites with a country suffix may be sent unwanted cookies from the client browser.
CAUSE
When you set cookies, the domain name should contain at least two periods and match the domain name of the server setting the cookie. This way an organization can set cookies for its company only, for example, ".microsoft.com". Many browsers, including all versions of Internet Explorer prior to 5.0 do not account for a country suffix. This allows the setting of cookies for generic domain names such as ".com.au" or ".co.uk".
STATUSMicrosoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article. This bug was corrected in Internet Explorer 5.0.
Modification Type: | Major | Last Reviewed: | 10/16/2002 |
---|
Keywords: | kbBug kbie500fix KB217043 |
---|
|