Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What does the dot prefix in the cookie domain mean?

Tags:

cookies

enter image description here

What is the difference between local.test.com and .local.test.com ? The screenshot is from Chrome.

like image 312
ripper234 Avatar asked Mar 08 '12 13:03

ripper234

People also ask

Is it possible to set a cookie domain without a dot?

Setting a cookie domain without a preceding dot, like erik.io, is invalid in RFC 2109 implementations, and will produce the same behaviour as with a preceding dot on other implementations. There is no way to restrict a cookie to a specific explicitly set domain, without sub domains being included.

What does the leading Dot mean in a cookie?

The leading dot means that the cookie is valid for subdomains as well; nevertheless recent HTTP specifications (RFC 6265) changed this rule so modern browsers should not care about the leading dot. The dot may be needed by old browser implementing the deprecated RFC 2109.

What do the prefixes in a cookie name mean?

Cookie prefixes make it possible to flag your cookies to have different behavior, in a backward compatible way. It uses a dirty trick to put a flag in the name of the cookie. When a cookie name starts with this flag, it triggers additional browser policy on the cookie in supporting browsers.

How do I set a domain in the cookie?

When setting a domain in the cookie, the safe choice is to have it preceded by a dot, like .erik.io. The cookie will match with all sub domains. Setting a cookie domain without a preceding dot, like erik.io, is invalid in RFC 2109 implementations, and will produce the same behaviour as with a preceding dot on other implementations.

Video Answer

2 Answers

The leading dot means that the cookie is valid for subdomains as well; nevertheless recent HTTP specifications (RFC 6265) changed this rule so modern browsers should not care about the leading dot. The dot may be needed by old browser implementing the deprecated RFC 2109.

RFC 6265 section 4.1.2.3

For example, if the value of the Domain attribute is "example.com", the user agent will include the cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.corp.example.com. (Note that a leading %x2E ("."), if present, is ignored even though that character is not permitted, but a trailing %x2E ("."), if present, will cause the user agent to ignore the attribute.)

like image 148
Timido Avatar answered Oct 02 '22 15:10

Timido

local.test.com will be used for the domain, while .local.test.com will be used for subdomains too.

like image 28
JoRouss Avatar answered Oct 02 '22 17:10

JoRouss
Sign in to Comment

Related questions

How to delete cookies on an ASP.NET website
What's the significance of Oct 12 1999? [closed]
How to detect server-side whether cookies are disabled
Why does Android WebView sporadically not sending my session cookie?
Where are an UIWebView's cookies stored?
Sending browser cookies during a 302 redirect
How to delete a cookie using jQuery?
how to delete all cookies of my website in php
What are cookies and sessions, and how do they relate to each other?
How do you set up use HttpOnly cookies in PHP
Can jQuery read/write cookies to a browser?
Save cookies between two curl requests
When does a cookie with expiration time 'At end of session' expire?
How do sessions work in Express.js with Node.js?
How can I set a cookie in react?
How to expire session due to inactivity in Django?
How to handle multiple cookies with the same name?
How does cookie "Secure" flag work?
Are multiple Cookie headers allowed in an HTTP request?
How do I check if a cookie exists?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!