Setting cookies only on the naked domain
Solution 1
The cookie specification indicates that you are correct:
A is a FQDN string and has the form NB, where N is a non-empty name string, B has the form .B', and B' is a FQDN string. (So, x.y.com domain-matches .y.com but not y.com.)
Even if you do use www.example.com
for your site, you still probably want to set some cookies to *.example.com
so that they can also be read on a subdomain like blog.example.com
.
Solution 2
In response to the Yahoo Developer page, they are talking about you serving content on your site from www.example.com, but explicitly setting the domain of the cookie - in which case you have to set the cookie as either .example.com
or .www.example.com
.
When you set a cookie, you have two options:
- Do not specify the domain name - in which case the cookie will default to the "Request-Host" (without a dot at the beginning) - in your case www.example.com or example.com (note the embedded dot).
- Specify a URL, in which case you fall under the rule "An explicitly specified domain must always start with a dot."
What the Yahoo page is stating is that if you've already issued cookies to .example.com
then those cookies will also be sent to subdomain.example.com
as well, so if you want to serve your static content on a "cookieless domain" you'd have to use a different URL.
Related videos on Youtube
ustun
Updated on September 18, 2022Comments
-
ustun over 1 year
As far as I know, one can set a cookie for
example.com
and not.example.com
and then the cookie will only be visible onexample.com
and notsub.example.com
. Is this true? I have set a cookie on a test domain I own, and it seems that cookies are not shared at static.mydomain.comThis page suggests otherwise:
Omitting www leaves you no choice but to write cookies to *.example.org, so for performance reasons it's best to use the www subdomain and write the cookies to that subdomain.
-
ustun over 10 yearsI think the confusion stems from the fact that if you do use Google Analytics, it sets cookies on .example.com instead of example.com and your subdomains (static.example.com) cannot be cookieless. If you don't use any such 3rd party though, as long as you don't set cookie on .example.com, you can have a cookieless static domain.