Cookie Domain Precedence?

I have a few sites. Each site is a localized version serving up content specific to a given set of locales. There is also a World Wide or "Global" site. I have them set up as follows:

  • http://mydomain.com
  • http://us.mydomain.com
  • http://uk.mydomain.com
  • etc...

I am trying to track activity on each application using a cookie. The cookie name for each site is the same, and I am using the default settings for the domain (i.e. in .net I am not specifying a value for httpCookie.Domain - I am leaving it at the default).

Everything works fine when I am visiting my "locale specific" sites, but once I visit the "global" site, it seems that the cookie from this site is used when I go back to visit my "locale specific" sites, rather than the cookie issued for the "locale specific" site.

Any ideas on how to stop my "global" cookie from taking precedence over my "locale specific" cookie on the "locale specific" sites?

Brian asked Dec 22 '09 14:12



1 Answer

In most browsers, setting a cookie without a ‘domain’ makes it only valid on the current hostname. This can't otherwise be achieved by setting any value on ‘domain’; if this behaviour is what you want you must omit the ‘domain’ parameter.

However in IE, any cookie you set without a ‘domain’ will get an implicit ‘domain’ of the current hostname. This means if you set a cookie on ‘example.com’ you can't stop it being sent to ‘sub.example.com’.

Therefore you can't have subdomains that don't share part of the security context of the parent domain. If you want to keep a subdomain apart from its parent you must (as JustLoren suggested) make the main site www.example.com and not just example.com.

When two cookies with different domains are valid, browsers will typically send them both, so you can expect a document.cookie like 'a=b; a=c'. If your cookie-reading layer doesn't expect multiple cookies with the same name, one of those will disappear (you don't get any control over which).

The other approach, if you don't care about putting boundaries between the other sites and the main one, would be just to use different cookie names on the different subsites.

bobince answered Sep 21 '22 11:09
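To make the host-only versus Domain= behaviour and the duplicate-name problem concrete, here is an added example (not code from the answer above): a small model of browser cookie domain matching per RFC 6265, a Cookie-header builder, and a `document.cookie` parser that keeps both values when a name appears twice. It uses the question's hostnames; the cookie name `tracking` and its values are constructed, and the model ignores Path and expiry.

```javascript
// Added example (not the original answer's code): a model of browser cookie
// domain matching (RFC 6265) and a document.cookie parser that keeps duplicate
// names. Cookie name "tracking" and its values are constructed for the demo.
// No Domain attribute => "host-only": returned only to the exact host that set
// it. With Domain=, the cookie goes to that domain and all of its subdomains.
function storeCookie(jar, setHost, name, value, domainAttr) {
  const domain = (domainAttr || setHost).replace(/^\./, '').toLowerCase();
  jar.push({ name, value, domain, hostOnly: !domainAttr });
  return jar;
}

// RFC 6265 section 5.1.3 domain-match: equal, or host ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// The Cookie header a browser would send to `host` from this jar.
function cookieHeader(jar, host) {
  host = host.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Parse "a=b; a=c" into { a: ['b', 'c'] } so two cookies with the same name
// are both visible instead of one silently overwriting the other.
function parseCookies(str) {
  const out = {};
  for (const part of str.split(';')) {
    const s = part.trim();
    if (!s) continue;
    const eq = s.indexOf('=');
    const name = eq < 0 ? s : s.slice(0, eq);
    (out[name] = out[name] || []).push(eq < 0 ? '' : s.slice(eq + 1));
  }
  return out;
}

// The question's setup: one cookie name on mydomain.com and us.mydomain.com.
// Host-only on both keeps them apart; a global cookie with Domain=mydomain.com
// (what IE does implicitly) reaches the locale site as a duplicate.
function demo() {
  const hostOnly = storeCookie([], 'mydomain.com', 'tracking', 'global');
  storeCookie(hostOnly, 'us.mydomain.com', 'tracking', 'us');
  const withDomain = storeCookie([], 'mydomain.com', 'tracking', 'global', 'mydomain.com');
  storeCookie(withDomain, 'us.mydomain.com', 'tracking', 'us');
  return { hostOnly: cookieHeader(hostOnly, 'us.mydomain.com'),
           withDomain: cookieHeader(withDomain, 'us.mydomain.com') };
}
```

Running `demo()` gives `tracking=us` for the host-only jar and `tracking=global; tracking=us` for the Domain= jar, which is exactly the `'a=b; a=c'` situation the answer describes.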