Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP setcookie() for domain but NOT subdomains

Tags:

php

cookies

subdomain

Is there any way to set a cookie that is not readable on subdomains? In other words, have the cookie available on domain.com, but not www.domain.com or xyz.domain.com.

//this is what i'm "intending"...
setcookie($name,$value,$expires,'/','domain.com');
//however, this is how it behaves:
setcookie($name,$value,$expires,'/','.domain.com');

The reasoning: I'm setting up a static CDN on a subdomain and don't want the user session cookies going back and forth for every image, css file, js file, etc.

...do I have to fall back to using www.domain.com for my site? Are there any workarounds?

like image 933
brianreavis Avatar asked Sep 13 '09 15:09

brianreavis

People also ask

Can I set a cookie for a subdomain?

Top-Level Domains and cookiesJavaScript allows you to set a cookie available to all bar.com subdomains from within the foo.bar.com subdomain.

At what point in a PHP file should the Setcookie () function be called?

Note: The setcookie() function must appear BEFORE the <html> tag. Note: The value of the cookie is automatically URLencoded when sending the cookie, and automatically decoded when received (to prevent URLencoding, use setrawcookie() instead).

What is the role of Setcookie () in PHP?

The setcookie() function defines a cookie to be sent along with the rest of the HTTP headers. A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too.

Can you set cookie for parent domain?

Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain.

1 Answers

Apparently, having a cookie on "domain.com" that will match "*.domain.com" is expected behaviour.

For instance : PERSISTENT CLIENT STATE HTTP COOKIES state (some emphasis mine) :

domain=DOMAIN_NAME

When searching the cookie list for valid cookies, a comparison of the domain attributes of the cookie is made with the Internet domain name of the host from which the URL will be fetched. ...
"Tail matching" means that domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of "acme.com" would match host names "anvil.acme.com" as well as "shipping.crate.acme.com".

Only hosts within the specified domain can set a cookie for a domain and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that fails within one of the seven special top level domains listed below only require two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".

So, you'll either have to :

  • use "www.domain.com" for your site
  • or use a totally different domain name for your static content (like ".anotherdomain.com")
    • for instance, this is what is done on stackoverflow : static content is served from sstatic.net
like image 105
Pascal MARTIN Avatar answered Nov 15 '22 18:11

Pascal MARTIN
Sign in to Comment

Related questions

How to debug features in Behat 3 with echo
Load More Content using Ajax/jQuery by returning <div>
Symfony2 - Get the current URL or route in TWIG template?
Krajee Bootstrap File Input, catching AJAX success response
How to route the URI with parameters to a method in codeigniter?
How do I include a composer package into plain php?
How to unset an environment variable using php?
How to store 60 Booleans in a MySQL Database?
Docker mysql cant connect to container
Vue Components not showing up using passport in laravel 5.3
Customize Forgotten Password Email in Laravel 5.4
Session lost after form submit in wordpress
How to compare a string password with laravel Encrypted Password
PHP Post array empty on axios POST
Laravel - How to use/access session variables in a view?
How to get unique slug to same post-title for other time too?
Check if string only contains numbers in php [duplicate]
PHP GD, imagecreatefromstring( ); how to get the image dimensions?
How do I limit which countries can view my website ( PHP )
including a remote file in PHP

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!