
Does a session cookie on different subdomain count as 3rd-party?

Suppose I have a site at www.example.com which has an IFRAME pointing to an ASP.NET site myapp.othersite.com - this causes issues with session and 3rd-party cookies which I understand.

If I moved the embedded app to myapp.example.com, would the session cookie still count as a 3rd-party cookie as it is a different subdomain?

RossJ asked Apr 10 '12 16:04



2 Answers

Cookies seem to be considered 3rd party if they come from different base domains (base domains being example.com or example.co.uk), but not if they come from different subdomains of the same base domain.

myapp.example.com will be able to set cookies with domain myapp.example.com if it is embedded within www.example.com.

Having myapp.example.com set cookies with domain .example.com is unnecessary unless those cookies need to be read from a different subdomain.

[Tested in Firefox, Chrome (with 3rd party cookies blocked) and Safari] [ThirdPartyUtil.IsThirdPartyInternal seems to be where this is checked in Firefox]

Bewusstsein answered Sep 20 '22 07:09
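The base-domain comparison and cookie scoping described in this answer, sketched as an added example (not code from the answer or from any browser). `SAMPLE_SUFFIXES` is a small constructed stand-in for the Public Suffix List, and all function names are hypothetical.

```javascript
// Constructed subset of public suffixes; a real check needs the full Public Suffix List.
const SAMPLE_SUFFIXES = new Set(["com", "uk", "co.uk"]);

// Base (registrable) domain = longest matching public suffix plus one label to its left.
function baseDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SAMPLE_SUFFIXES.has(labels.slice(i).join("."))) {
      // i === 0 means the host is itself a public suffix: nothing registrable.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix not covered by the sample set
}

// An embedded frame is third-party when its base domain differs from the top-level page's.
function isThirdParty(topLevelHost, frameHost) {
  const top = baseDomain(topLevelHost);
  const frame = baseDomain(frameHost);
  return top === null || frame === null || top !== frame;
}

// Strip the optional leading dot of a Domain attribute and normalise case.
function normalise(domainAttr) {
  return domainAttr.replace(/^\./, "").toLowerCase();
}

// RFC 6265 domain-match: with no Domain attribute the cookie is host-only.
function cookieSentTo(setterHost, domainAttr, requestHost) {
  if (!domainAttr) return requestHost === setterHost;
  const d = normalise(domainAttr);
  return requestHost === d || requestHost.endsWith("." + d);
}

// A Domain attribute is refused if it is a public suffix or does not cover the setting host.
function domainAttrAllowed(setterHost, domainAttr) {
  const d = normalise(domainAttr);
  if (SAMPLE_SUFFIXES.has(d)) return false;
  return setterHost === d || setterHost.endsWith("." + d);
}

// Hosts taken from the question and answer.
console.log(isThirdParty("www.example.com", "myapp.othersite.com")); // different base domain
console.log(isThirdParty("www.example.com", "myapp.example.com"));   // same base domain
console.log(cookieSentTo("myapp.example.com", null, "www.example.com"));
console.log(cookieSentTo("myapp.example.com", ".example.com", "www.example.com"));
```

The last two calls show the answer's point about scope: the host-only session cookie stays on myapp.example.com, and only a cookie set with Domain `.example.com` is also sent to www.example.com.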


If you set a cookie on domain .example.com, then a cookie from www.example.com and www.myapp.example.com will be considered the same.

No cookie is treated as a 3rd party cookie.

Yogesh Prajapati answered Sep 23 '22 07:09