
sub-domain cookies, sent in a parent domain request?

Are sub-domain cookies sent in a parent domain HTTP request?

For instance, say I have the cookies:

Name     Value     Domain (not https)
ABC      1         .example.com
XYZ      0         foo.example.com
DEF      0         bar.example.com

Would [email protected] and [email protected] be sent along in the HTTP-header cookies on a request to http://example.com/content, and/or http://QQQ.example.com/content?

Incognito asked Oct 05 '10 15:10



2 Answers

The leading dot in the domain value .example.com means example.com and its subdomains. Without the leading dot, the cookie is only valid for this specific domain.

Note that when setting a cookie, domain values without a leading dot will be prepended with a dot. Only when the domain parameter is not set does the user agent assume the current domain for that cookie.

So in this case, if http://example.com/ is requested, only the cookie for .example.com will be sent. But in case of http://foo.example.com/, both cookies for .example.com and foo.example.com will be sent. And in case of http://bla.foo.example.com, only the cookie for .example.com will be sent.

Gumbo answered Nov 16 '22 03:11


No. It's the other way around: parent-domain cookies are sent in sub-domain HTTP requests.

bobince answered Nov 16 '22 03:11
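
An added example, not part of the original thread: the RFC 6265 matching rules (domain-match plus the host-only flag) applied to the question's three cookies. It assumes XYZ and DEF were set without a Domain attribute; `domainMatch`, `storeCookie` and `cookiesFor` are illustrative names, and public-suffix and IP-address checks are left out.

```javascript
// Cookie selection per RFC 6265: section 5.1.3 (domain-match) and the
// host-only flag from section 5.3. Illustrative model, not a full cookie jar.

// True when `host` equals `domain` or is a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Store a cookie as the user agent would after a Set-Cookie from `originHost`.
// domainAttr === null models a Set-Cookie header with no Domain attribute.
function storeCookie(name, value, originHost, domainAttr) {
  if (domainAttr === null) {
    // No Domain attribute: host-only cookie, exact host match required later.
    return { name, value, domain: originHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  // A host may only set cookies for itself or a parent domain; otherwise rejected.
  if (!domainMatch(originHost, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Names of the cookies attached to a request for `requestHost`.
function cookiesFor(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => c.name);
}

// Constructed jar modelled on the question's table (assumption: XYZ and DEF
// were set without a Domain attribute, so they are host-only).
const jar = [
  storeCookie("ABC", "1", "example.com", ".example.com"),
  storeCookie("XYZ", "0", "foo.example.com", null),
  storeCookie("DEF", "0", "bar.example.com", null),
].filter(Boolean);

for (const h of ["example.com", "QQQ.example.com", "foo.example.com", "bla.foo.example.com"]) {
  console.log(h, "->", cookiesFor(h, jar).join(", "));
}
```

If XYZ is instead stored with `Domain=foo.example.com`, it stops being host-only and is also sent to `bla.foo.example.com`, which is why session cookies that should stay on one host are set without a Domain attribute.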