>>36
I'm pretty sure the cookie security model makes this impossible to fix. I recommend removing the html domain, which isn't really serving any useful purpose.