I'm a QA Engineer for a company that recently changed the domain level
at which the session and nonsession cookies are dropped. For example,
the cookies were dropped at ".y.x.com", but have been recently changed
to ".x.com". What I'm concerned with is that there are still
nonsession cookies on the end users' machines that contain persistent
sign-in information in the old ".y.x.com" cookies. Since the
nonsession cookies are both dropped against a form of ".x.com", and
two cookies of the same name exist at the different domain levels, are
both sent to the code when it requests reading the cookies?
I was under the impression that the code would be written to just read
the ".x.com" cookies. However, one of the developers had mentioned
that the browser would send both old and new cookies. Does anyone
know if this is true?
Ultimately I'm trying to find out what ill side effects could occur if
both cookies are being read. At some point the old cookie could get
out of synch with the new cookie and the end user could see
conflicting user experiences.
Thanks for any thoughts on this...
-erin
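
An added example, not part of the original post: a Python sketch of the RFC 6265 domain-matching and ordering rules applied to the two cookies described above. The cookie name `signin`, the token values, the hosts `www.y.x.com` and `z.x.com`, and the `/` path are constructed assumptions.

```python
from http.cookies import SimpleCookie

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain matching (host names only, not IPs)."""
    d = cookie_domain.lstrip(".").lower()  # a leading dot is ignored
    h = host.lower()
    return h == d or h.endswith("." + d)

def cookie_header(host, jar):
    """Cookie header a user agent would build for `host`.
    jar entries are (created, domain, name, value); every path is assumed "/".
    With equal paths, RFC 6265 lists earlier-created cookies first."""
    sent = sorted(c for c in jar if domain_match(host, c[1]))
    return "; ".join(f"{name}={value}" for _, _, name, value in sent)

def all_values(header, name):
    """Every value sent under `name`, in header order."""
    values = []
    for pair in header.split("; "):
        key, _, value = pair.partition("=")
        if key == name:
            values.append(value)
    return values

def simplecookie_value(header, name):
    """What Python's stdlib parser reports: the last duplicate wins."""
    return SimpleCookie(header)[name].value

def expire_old(name, domain):
    """Set-Cookie value that deletes the stale cookie. Domain and Path must
    match the ones it was originally set with (Path "/" is assumed here)."""
    return f"{name}=; Domain={domain}; Path=/; Max-Age=0"

# Constructed jar: the old cookie predates the new one.
JAR = [
    (1, ".y.x.com", "signin", "old-token"),
    (2, ".x.com", "signin", "new-token"),
]

if __name__ == "__main__":
    header = cookie_header("www.y.x.com", JAR)
    print("sent to www.y.x.com:", header)
    print("sent to z.x.com:    ", cookie_header("z.x.com", JAR))
    print("all values:         ", all_values(header, "signin"))
    print("SimpleCookie sees:  ", simplecookie_value(header, "signin"))
    print("cleanup header:     ", expire_old("signin", ".y.x.com"))
```

The Cookie header carries only name=value pairs, so the receiving code cannot tell which domain each value came from, and RFC 6265 says servers should not rely on the order; expiring the old cookie from a host under y.x.com removes the ambiguity.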