Hi,

If I have a domain example.com, is there any way to make cookies valid only for that specific domain and not for sub-domains like www.example.com?

I know I can set it to only www.example.com, but can it be without a sub-domain?

+1  A: 

Cookies are identified by the combination of their name, domain, and path. So if set correctly, you can limit its scope to a specific domain/sub-domain and path.

Read Wiki's HTTP Cookie's Attribute Section
or RFC2965

o.k.w
However is there RFC2965 compliance across browsers?
AnthonyWJones
@AnthonyWJones: I'm really not sure about that. Browsers `should` but then, who knows?
o.k.w
A: 

Strictly speaking a cookie carrying the qualifier ";domain=example.com" should not be visible to the "www.domain.com" domain. Whereas ";domain=.example.com" would be visible to the www host.

However I would be very wary of this. I haven't tested this recently but I wouldn't be surprised to see some browsers not conforming properly to this.

AnthonyWJones
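
Added example, not part of the original answers: a simplified JavaScript model of the cookie storage and matching rules in RFC 6265 (a later cookie specification that the thread does not cite). It shows that omitting the Domain attribute yields a host-only cookie, while an explicit Domain attribute, with or without a leading dot, also covers sub-domains. The function names are hypothetical, and the model assumes no public-suffix, path, Secure or expiry handling.

```javascript
// Added example: simplified model of RFC 6265 cookie domain handling
// (sections 5.1.3, 5.2.3 and 5.3). Function names are hypothetical.

// RFC 6265 5.1.3: does request host `host` domain-match cookie domain `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // IP addresses only ever match exactly, never as a suffix.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Store a cookie received from `requestHost`. `domainAttr` is the value of the
// Domain attribute, or undefined when the attribute is omitted.
function storeCookie(requestHost, name, domainAttr) {
  if (domainAttr === undefined || domainAttr === '') {
    // No Domain attribute: host-only cookie bound to the exact request host.
    return { name, domain: requestHost.toLowerCase(), hostOnly: true };
  }
  // 5.2.3: a leading dot in the attribute value is ignored.
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  // 5.3: reject the cookie if the request host does not domain-match it.
  if (!domainMatch(requestHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for `host`?
function isSentTo(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Constructed sample: the three ways example.com could set a cookie "sid".
const hostOnly = storeCookie('example.com', 'sid');                // no Domain
const plain = storeCookie('example.com', 'sid', 'example.com');    // Domain=example.com
const dotted = storeCookie('example.com', 'sid', '.example.com');  // Domain=.example.com

for (const [label, c] of [['omitted', hostOnly], ['example.com', plain], ['.example.com', dotted]]) {
  console.log(`Domain ${label}: example.com=${isSentTo(c, 'example.com')}, ` +
              `www.example.com=${isSentTo(c, 'www.example.com')}`);
}
```
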