Win a copy of Node.js Design Patterns: Design and implement production-grade Node.js applications using proven patterns and techniques this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

cookies scoped to web-application within a domain

Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a secure and insecure web application. The secure one deals with payment/billing services for a user while the other deals with browsing catalogs etc. The user experience should be seamless as he browses non-secure and secure parts of the application. Both applications are served from the same domain and need to use cookies.

In order to ensure security the cookies (from each application) should not be scoped just at the domain level but rather scoped to an application level within a domain. How do I do this? Do I need to check with my container if it offers anything on this? Thoughts..?
How did others here deal when they had secure and insecure parts of application using cookies?
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic