[eluser]WanWizard[/eluser]
RFC2965 states:
Quote:Host name (HN) means either the host domain name (HDN) or the numeric Internet Protocol (IP) address of a host. The fully qualified domain name is preferred; use of numeric IP addresses is strongly discouraged.
So, an IP address as cookie domain is allowed.
Quote:Moreover, a user agent rejects (SHALL NOT store its information) if any of the following is true of the attributes explicitly present in the Set-Cookie2 response header:
* The value for the Path attribute is not a prefix of the request-URI.
* The value for the Domain attribute contains no embedded dots, and the value is not .local.
* The effective host name that derives from the request-host does not domain-match the Domain attribute.
* The request-host is a HDN (not IP address) and has the form HD, where D is the value of the Domain attribute, and H is a string that contains one or more dots.
* The Port attribute has a "port-list", and the request-port was not in the list.
which means 'localhost' is an invalid name for a cookie domain.
