I'm reading the MDC entry for nsICookieManager2.add and it talks about domain and non-domain cookies. What are the differences between the two types of cookies?

A: 

As far as I understand, a non-domain cookie makes no sense. Cookies are always tied to a domain, and only the cookies for that domain get passed to the application and can be used. But yes, there are techniques by which we can create cross-domain cookies. Here is a tutorial that explains this. I don't know if you are using PHP for your project, because this tutorial explains the concept using PHP.

http://www.tutorialized.com/view/tutorial/Implementing-Cross-Domain-Cookies/372

Hope this helps.

Bootcamp
+3  A: 

From RFC2109:

Host A's name domain-matches host B's if [...] A is a FQDN string and has the form NB, where N is a non-empty name string, B has the form .B', and B' is a FQDN string. (So, x.y.com domain-matches .y.com but not y.com.)

So, if I understand it right, a domain cookie has a domain like .y.com and a non-domain cookie has a domain like x.y.com. A domain cookie is visible for all subdomains, and a non-domain cookie is only visible for its specific subdomain.

A cookie with the domain .y.com is visible when visiting subdomains like www.y.com and test.y.com (but not y.com), while a cookie with the domain x.y.com only is visible when visiting the subdomain x.y.com but not any other subdomain.

Guffa
A: 

Looking at the RFC, if the domain is not specified when the cookie is created, the domain from the requesting host will be applied. So a request from www.foo.com without a domain specified will have www.foo.com in the domain.

However, you may wish to explicitly set the domain to use the cookie across a variety of sub-domains. Setting the cookie domain to foo.com will allow you to access it on www.foo.com or help.foo.com or *.foo.com. This comes in very useful when passing some state around applications you may be hosting.

Keith Bloom
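
The RFC 2109 domain-match rule quoted in the second answer and the default-domain behaviour described in the third, as an added example that is not part of any answer and is not Firefox's code. The function names, the `isDomain` field and the sample hosts are constructed for illustration, and only RFC 2109's rules are modelled.

```javascript
// Added example: RFC 2109 domain-match, cookie acceptance and visibility.
// All names and hosts here are constructed for illustration.

// Simplified IPv4 check (assumption: good enough for this demo).
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// Does host A domain-match B under RFC 2109?
function domainMatches(a, b) {
  a = a.toLowerCase();
  b = b.toLowerCase();
  if (a === b) return true;              // identical IPs or identical FQDNs
  if (isIp(a) || isIp(b)) return false;  // IP addresses match only when identical
  if (!b.startsWith(".") || b.length < 2) return false; // B must have the form .B'
  // A must be N + B with N non-empty; the leading dot in B stops
  // "evily.com" from matching ".y.com".
  return a.length > b.length && a.endsWith(b);
}

// Returns the stored cookie, or null when RFC 2109 says to reject it.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (domainAttr === undefined) {
    // No Domain attribute: defaults to the request host ("non-domain" cookie).
    return { domain: host, isDomain: false };
  }
  const d = domainAttr.toLowerCase();
  // Domain must start with a dot and contain an embedded dot (".com" is refused).
  if (!d.startsWith(".") || !d.slice(1).includes(".")) return null;
  if (!domainMatches(host, d)) return null;
  // Request host has the form HD; H must not contain a dot.
  const h = host.slice(0, host.length - d.length);
  if (h.includes(".")) return null;
  return { domain: d, isDomain: true };
}

// A stored cookie is sent to a host that domain-matches the cookie's domain.
function isSentTo(cookie, host) {
  return domainMatches(host, cookie.domain);
}
```

Under these rules a `Domain` value without the leading dot, such as `foo.com` set from `www.foo.com`, is rejected rather than widened to the parent domain.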