Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
greengreengrass 6 days ago

I have often wondered why we don’t see more usage of the brand gTLDs, which many of these big firms own. I muse that this is (part of) the reason why – there simply isn’t the understanding or recognition outside tech circles (or even within tech circles) to comprehend that it is possible to use such a gTLD without a conventional .com or similar suffix tacked on the end. I tend to see it localised to use for marketing micro sites that do not ask for credentials so have no need to establish user trust, or occasionally internal technical uses that will never touch the typical customer’s eyeballs.

The other reason I hypothesise is that corporate big brother snooping systems that have whitelists for their trusted services – with entries like mail.google.com or calendar.google.com – are simply too painful at this point for big tech to break for their customers by dropping the .com suffix, so big tech doesn’t bother.

No hard data on any of that, though.

Thorrez 6 days ago | parent [-]

I don't think you can put cookies on a TLD. So if Google used mail.google and calendar.google , the login system would be more complex, because they can't share cookies.

arghwhat 6 days ago | parent [-]

Modern auth systems do not work by exposing multiple services on a single domain with shared cookies.

Instead, they authenticate using a common auth service (say, auth.google), which by virtue of being a single domain can persist shared cookies for all its consumers. This would yield a valid token (possibly a JWT) that the authenticating application can then use however it would like, including as a cookie on the application's own domain.

Whenever you go to a service that temporarily sends you to a different login domain (often just immediately redirection you back), this is why.

Thorrez 6 days ago | parent | next [-]

Some modern auth systems. Not all.

I created a separate Chrome profile, and logged in to gmail. Then I disabled javascript, then deleted all my google.com cookies (but left my mail.google.com cookies). Then I reenabled javascript and visited mail.google.com again. I was logged out. So Google is using the google.com cookies.

6 days ago | parent | prev [-]
[deleted]