How do browser cookie domains work?

Posted by Vilx- on Stack Overflow See other posts from Stack Overflow or by Vilx-
Published on 2009-06-30T10:35:39Z Indexed on 2010/05/07 14:18 UTC
Read the original article Hit count: 154

Filed under:
|
|
|
|

Due to weird domain/subdomain cookie issues that I'm getting, I'd like to know how browsers handle cookies. If they do it in different ways, it would also be nice to know the differences.

In other words - when a browser receives a cookie, that cookie MAY have a domain and a path attached to it. Or not, in which case the browser probably substitutes some defaults for them. Question 1: what are they?

Later, when the browser is about to make a request, it checks its cookies and filters out the ones it should send for that request. It does so by matching them against the requests path and domain. Question 2: what are the matching rules?


Added:

The reason I'm asking this is because I'm interested in some edge cases. Like:

  • Will a cookie for .example.com be available for www.example.com?
  • Will a cookie for .example.com be available for example.com?
  • Will a cookie for example.com be available for www.example.com?
  • Will a cookie for example.com be available for anotherexample.com?
  • Will www.example.com be able to set cookie for example.com?
  • Will www.example.com be able to set cookie for www2.example.com?
  • Will www.example.com be able to set cookie for .com?
  • Etc.

Added 2:

Also, could someone suggest how I should set a cookie so that:

  • It can be set by either www.example.com or example.com;
  • It is accessible by both www.example.com and example.com.

© Stack Overflow or respective owner

Related posts about http

Related posts about cookies