Menu
Because it's not trivial to tell short domain names apart from TLDs, Microsoft maintains a list of special cases for IE8. The list can be found in res://urlmon.dll/ietldlist.xml.
However, I don't understand how to actually make use of that list. Even the privileged two-letter domains that are listed seem to misbehave.
For example, the domain cn.ca can be found on the list. But here's what I get in IE8's javascript console:
The same method works perfectly on a longer domain, such as stackoverflow.com (I cleared my cookies before this example to avoid unrelated noise):
Is the list of special cases actually broken, or do I simply misunderstand its purpose? Is there any way to set cookies (not limited to a subdomain) for short domains in IE8?
350
As you may know, cookie can't be set in a different domain from another domain directly. If you're having multiple sites in where you need to set a cookie from a parent site, you can use basic HTML and JS to set the cookies. Google is using this same way.
Anyone can memorize a two-letter combination, regardless of the top level domain (TLD) that it's associated with. Tagging on the TLD to the domain creates a brand that is memorable, short, and can become associated with a wide range of products and services, or as a corporate name.
If a cookie's domain attribute is not set, the cookie is only applicable to its origin domain. If a cookie's domain attribute is set, the cookie is applicable to that domain and all its subdomains; the cookie's domain must be the same as, or a parent of, the origin domain.
No good info in the documentation. However, I found a good write up on this in an MSDN blog post.
Most relevant to your question is Q6:
IE won’t set a cookie for certain domains, like those of the format http://xx.yy?
Correct. The idea is that you may not set a cookie on a "top-level" domain shared by unrelated organizations. Historically, ccTLDs of the format xx.yy were effective TLDs, so cookies may not be set on them. While this heuristic was never perfect, it's been unchanged for over 15 years and hence is not likely to change any time soon. The intricacy of this issue merits a long blog post all its own—see this post.
Other interesting tidbits:
IE's cookie code doesn't seem to support as defined in RFC2109 or RFC2965.
Internet Explorer (including IE8) does not attempt to support any RFC for cookies. WinINET (the network stack below IE) has cookie implementation based on the pre-RFC Netscape draft spec for cookies.
If I don’t specify a leading dot when setting the DOMAIN attribute, IE doesn’t care?
Correct. All current version browsers (Chrome, FF, Opera, etc) seem to treat a leading dot as implicit
From Microsoft Support (Affects IE 6.0, 7.0, and 8.0) :
Symptoms: A user opens a webpage from http://servername.xxx.yy. The web site at that address sets a cookie and specifies "xxx.yy" as the domain for that cookie. However, Internet Explorer does not save the cookie information.
Cause: For security reasons, Internet Explorer does not save cookie data for domains like xxx.yy, where .yy is a two-letter country code domain and the three letters xxx are one of the generic top level domain names: com, edu, gov, int, mil, net, or org. Domains of this form are treated as top level domains, effectively a country-specific version of the generic top level domain. For security reasons, wininet prevents setting cookies for such domains. In this case, xxx.yy is effectively a top level domain, and is protected in the same way as ".com" would be.
Resolution: This behavior is by design.
181
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
