Can you explain this? I don't understand how redirection affects
these issues. For example, under the Netscape scheme, if server a.com
issues a redirect to server b.com the client does an entirely new
request to the new server, without any session-id if b.com is not
equal to a.com. Under the Netscape proposal, however, the cookie can
be shared between host a.x.com and b.x.com. It cannot be shared
between a.x.com and *.y.com. (This is according to the spec -- I
don't know how it is currently implemented).
--John Franks Dept of Math. Northwestern University john@math.nwu.edu