Is it possible to set a cookie for http://www.example.com from a PHP file located at https://secure.example.com? I have some code that was given to me, that appears to try and fails at this. I was wondering if this is possible at all.
+1
A:
If you set the cookie domain to ".example.com", the cookie will work for all subdomains.
Coronatus
2010-03-17 19:00:24
I wondering if I could be specific to which domains the cookie is sent to.
nilacqua
2010-03-17 19:24:36
@nilacqua: No. If the cookie is set for .example.com, it will be visible for any subdomain of example.com
Piskvor
2010-03-17 19:26:41
+1
A:
Webpages can only set cookies for the second (or higher) level domain that they belong to.
This means that secure.example.com can read and set cookies for secure.example.com or .example.com, the latter of which can also be read and set by www.example.com
One last note: If the secure flag is set on a cookie, it can only be read and set over an https connection.
R. Bemrose
2010-03-17 19:01:40