Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

It's possible to share a cookie between 'some' subdomains?

Tags:

http

cookies

I've been reading some posts about web performance, one of the points is to
serve static content from a cookie-free domain, my question is:

Can I share cookies between, let's say example.com and www.example.com, while excluding static1.example.com, static2.example.com, etc?

Or do I need to set a different top level domain?

I know (or I think) that I could set the domain of the cookie to '.example.com', but
correct me if I'm wrong this shares the cookies across all sub-domains.

like image 615
Cesar Avatar asked Jul 16 '09 06:07

Cesar

People also ask

Can cookies be shared across sub domains?

To share cookies across subdomains, you can simply create cookies with the domain directive set to the parent domain, in this case, example.com, rather than either of the specific subdomains.

Are cookies domain specific?

If a cookie's domain attribute is not set, the cookie is only applicable to its origin domain. If a cookie's domain attribute is set, the cookie is applicable to that domain and all its subdomains; the cookie's domain must be the same as, or a parent of, the origin domain.

Is a subdomain a third party cookie?

Conclusion: if a resource sets a cookie and the base domain on the resource is the same as the base domain on the web site, but the subdomain is different, popular browsers do not treat it as a third-party cookie.

Can local storage be shared between subdomains?

Way to Solution That's because localstorage doesn't support sharing the storage across subdomains or even domain. Thus, if you have something stored at a.example.com it won't be accessible from example.com or b.example.com.

3 Answers

If you need to share cookies across subdomains you need to scope the cookie at the domain level (e.g. .example.com). When you do that the cookie is available to all the subdomains of .example.com.

For a cookie free static content domain, it is usually a separate domain (e.g. example_staticstuff.com). There is a default two connection limit per domain in HTTP 1.1, so having separate domains often helps speed up simultaneous downloads.

like image 117
jnoss Avatar answered Oct 13 '22 12:10

jnoss

Your assumptions are correct :-)

like image 41
Philippe Leybaert Avatar answered Oct 13 '22 12:10

Philippe Leybaert

You would have to set a cookie for each sub-domain you want to authorize with the full host-name. This creates additional HTTP header overhead and would be a maintenance nightmare :[

like image 25
Nolte Avatar answered Oct 13 '22 14:10

Nolte
Sign in to Comment

Related questions

How to reference System.Net.Http in WP8?
Facebook app - Silent "Protocols must match" error
Convert HttpResponse to byte array
Streaming data with Python and Flask raise RuntimeError: working outside of request context
about http hijacking and keep-alive
What is X-REMOVED HTTP header?
Force capitalize letters in domain name [closed]
How secure is it to use fragment identifiers to hold private data in URLs?
Use data retrieved from HTTPClient into JSoup
Caching JSON: HTTP cache vs database
Invoke-RestMethod : The operation has timed out
Openssl SSL_CTX_new(SSLv3_method()) returns NULL
How to send a cURL POST without request data in PHP?
Can HTTP headers contain colons in the field value?
Android webview input type file
How to update Angular model with $http response?
How can I redirect http to https for Elastic Beanstalk running nginx?
Reusing WebClient object to send another HTTP request
RESTful service, how to respond if validation failed?
404 header - HTTP 1.0 or 1.1?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!