Setting cookies only on the naked domain


Solution 1

The cookie specification indicates that you are correct:

A is a FQDN string and has the form NB, where N is a non-empty name string, B has the form .B', and B' is a FQDN string. (So, x.y.com domain-matches .y.com but not y.com.)

Even if you do use www.example.com for your site, you still probably want to set some cookies to *.example.com so that they can also be read on a subdomain like blog.example.com.

Solution 2

In response to the Yahoo Developer page, they are talking about you serving content on your site from www.example.com, but explicitly setting the domain of the cookie - in which case you have to set the cookie as either .example.com or .www.example.com.

When you set a cookie, you have two options:

  1. Do not specify the domain name - in which case the cookie will default to the "Request-Host" (without a dot at the beginning) - in your case www.example.com or example.com (note the embedded dot).
  2. Specify a URL, in which case you fall under the rule "An explicitly specified domain must always start with a dot."

What the Yahoo page is stating is that if you've already issued cookies to .example.com then those cookies will also be sent to subdomain.example.com as well, so if you want to serve your static content on a "cookieless domain" you'd have to use a different URL.
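The scoping rules discussed in the two answers above, as an added example that is not part of the original answers: a small model of how a browser stores a cookie with and without a Domain attribute and which hosts then receive it. It follows RFC 6265 (an assumption here; under it a leading dot in Domain is ignored) and leaves out public-suffix checks, Path, Secure and expiry; the function names and header values are constructed for illustration.

```javascript
// Added example: cookie scoping per RFC 6265 sections 5.1.3, 5.2.3 and 5.3.

// Return the effective Domain attribute of a Set-Cookie value, or null if absent.
function parseDomainAttr(setCookie) {
  let domain = null;
  for (const part of setCookie.split(";").slice(1)) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim().toLowerCase() !== "domain") continue;
    const value = part.slice(eq + 1).trim().toLowerCase().replace(/^\./, "");
    if (value !== "") domain = value; // empty Domain is ignored; the last one wins
  }
  return domain;
}

// True if host equals domain or is a subdomain of it (match on a label boundary).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain); // IP literals never suffix-match
}

// Model what the browser stores when requestHost answers with this Set-Cookie value.
function storeCookie(requestHost, setCookie) {
  const host = requestHost.toLowerCase();
  const attr = parseDomainAttr(setCookie);
  if (attr === null) return { domain: host, hostOnly: true }; // no Domain: exact host only
  if (!domainMatch(host, attr)) return null; // a host cannot set cookies for a sibling
  return { domain: attr, hostOnly: false };
}

// Would the stored cookie be attached to a request for host?
function isSentTo(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// List the hosts from a candidate set that would receive the cookie.
function recipients(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

// Constructed sample: the apex site plus a would-be cookieless static host.
const HOSTS = ["example.com", "www.example.com", "static.example.com"];
console.log(recipients(storeCookie("example.com", "sid=abc"), HOSTS));
console.log(recipients(storeCookie("example.com", "_ga=1; Domain=.example.com"), HOSTS));
```

When auditing a site, run every Set-Cookie header the apex host emits through a check like this; a single cookie stored with `hostOnly: false` on the apex domain is enough to make every subdomain receive it.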

Author: ustun

Updated on September 18, 2022

Comments

  • ustun
    ustun over 1 year

    As far as I know, one can set a cookie for example.com and not .example.com and then the cookie will only be visible on example.com and not sub.example.com. Is this true? I have set a cookie on a test domain I own, and it seems that cookies are not shared at static.mydomain.com.

    This page suggests otherwise:

    Omitting www leaves you no choice but to write cookies to *.example.org, so for performance reasons it's best to use the www subdomain and write the cookies to that subdomain.

  • ustun
    ustun over 10 years
    I think the confusion stems from the fact that if you do use Google Analytics, it sets cookies on .example.com instead of example.com and your subdomains (static.example.com) cannot be cookieless. If you don't use any such 3rd party though, as long as you don't set a cookie on .example.com, you can have a cookieless static domain.