Cookies and subdomains

Question

Can a cookie be shared between two sites on the same top level domain? Say www.example.com and secure.example.com ? We are looking into implementing a cache for non-secure content, and need to segregate secure content to another domain. What parameters does the cookie need? I'm using asp.net

Note: This can cause [bugs or security issues](http://security.stackexchange.com/q/12412/396) depending on the cookie content. [More info here](http://stackoverflow.com/q/9636857/328397) — makerofthings7, Mar 11 '12 at 17:12

score 23 · Accepted Answer · edited Jan 11 '11 at 12:30

23

Yes, you can. Use:

Response.Cookies("UID").Domain = ".myserver.com"

edited Jan 11 '11 at 12:30

pgb

24,813
12
83
113

answered Sep 20 '08 at 16:02

Rich Bradshaw

71,795
44
182
241

Jess Chadwick · Answer 2 · 2008-11-06T21:50:24.897

5

The easiest way to apply a cookie domain that can be shared across subdomains is to put it in your web.config:

<forms cookieDomain="example.com">

edited Nov 06 '08 at 21:50

answered Sep 20 '08 at 16:40

Jess Chadwick

2,373
2
21
24

Yeah, the spec is quite annoying. If you want to use example.com as your main domain, you can't then use static.example.com for your (cookieless) static files, and are forced to register another domain. – UpTheCreek Jan 12 '11 at 18:08

score 1 · Answer 3 · edited Feb 15 '12 at 12:16

1

Yes, but beware don't set same-named cookies in various subdomains, as the resulting cookie appears to be random; instead, set one cookie in the .maindomain.com only (not in any .sub.domain.com)

edited Feb 15 '12 at 12:16

Flexo

87,323
22
191
272

answered Mar 14 '11 at 03:28

FYA

402
4
6

Cookies and subdomains

3 Answers3

Linked