How to create Play 1.x cookie for just the base domain (no sub domains)

Question

I want to create a cookie that will be shareable across my sub domains. I'm trying to use the setCookie method shown here: https://www.playframework.com/documentation/1.4.x/api/play/mvc/Http.Response.html#setCookie-java.lang.String-java.lang.String-

If I do the following it creates a cookie, but the domain is "xxxx.mydomain.com"... so the full domain:

response.setCookie("loggedIn", "true");

If I do the following, the cookie never shows up in my browser. What am I doing wrong?

response.setCookie("webLoggedIn", "true", ".mydomain.com", "/", 3600, false);

When I try and change the setting application.defaultCookieDomain that seems to break my cookies, but I think its because I'm testing on a different domain than the production domain which is what I set the default too.

Answer 1

On Play Framework 1 the right way is by setting the application.defaultCookieDomain property to something like yourdomain.com (without the prefix dot). This way all cookies will be setted to only the domain itself.

If you use this settings with .yourdomain.com then all cookies will be visible to all subdomains, like www.yourdomain.com or another.yourdomain.com, other than the domain itself.

You mention that you are testing on different domain than the production, then you can use a default domain setting for development environments and the specific domain for production, like:

application.defaultCookieDomain=localhost

# Production configuration
%prod.application.defaultCookieDomain=yourdomain.com

Alternatively, you can change temporarily your hosts file to resolve the production domain to your localhost ip, (/etc/hosts on Linux and OSX):

127.0.0.1 yourdomain.com

Note: on Play >= 2.1 the property was changed to session.domain and on Play >= 2.4 the property was changed again to play.http.session.domain.