Menu
If there is a cookie set for a subdomain, metric.foo.com, is there a way for me to delete the metric.foo.com cookie on a request to www.foo.com? The browser (at least Firefox) seems to ignore a Set-Cookie with a domain of metric.foo.com.
453
The only workaround that selectively deletes cookies for a specific subdomain is to go to Edit→Settings→Privacy & Security→Cookies and Site Data→Manage Exceptions and add an exception for https://badcookies.myorg.com to make it Allow for Session .
That is, if the domain name in your cookie's domain parameter doesn't start with a period, then it will not let subdomains read that cookie. If it does start with the period, then all subdomains will have full access to that cookie's value. Can only be read by example.com.
Conclusion: if a resource sets a cookie and the base domain on the resource is the same as the base domain on the web site, but the subdomain is different, popular browsers do not treat it as a third-party cookie.
Cookies are only readable by the domain that created them, so if the cookie was created at metric.foo.com, it will have to be deleted under the same domain as it was created. This includes sub-domains.
If you are required to delete a cookie from metric.foo.com, but are currently running a page at www.foo.com, you will not be able to.
In order to do this, you need to load the page from metric.foo.com, or create the cookie under foo.com so it can be accessable under any subdomain. OR use this:
Response.cookies("mycookie").domain = ".foo.com"
...while creating it, AND before you delete it.
..untested - should work.
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
