When I use the value domain:".example.com"
in my cookie, I expect it to support the subdomains xyz.example.com, abc.example.com etc
This works fine on mozilla firefox but does not seem to work on google chrome! On chrome it creates a new cookie for xyz.example.com which fails to serve the purpose.
Is this a known issue? Any help would be appreciated!
Thanks.
I know this is bit of a far fetch, but not all domains can have cookies set to them. https://publicsuffix.org/list/public_suffix_list.dat list is honored by Chrome, Firefox and Safari to mention the most popular browsers.
Assuming the above example.com would be s3-website-us-east-1.amazonaws.com very weird thing could be observed. The Set-Cookie header would be present in the response data, but browser's wouldn't display it in the network traffic inspector nor it would have any effect. Because the data is there, it can be observed via eg. curl.
Ref. RFC6265
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With