0

I'm having difficulties in setting cookies for a domain and subdomain of that domain. Whilst I cannot divulge the domain name I can however name it "domain.com" and provide code.

I'm trying to achieve the following: visitor comes to domain.com and certain cookies are set. When he reaches a certain page on the subdomain.domain.com those cookies have to be read.

If the user lands directly on the subdomain pages, the cookies get set correctly and everything is ok, but if he lands on the main domain pages no cookies are set. Can you help me?

Again I must reaffirm that the below codes work when subdomain sets the cookies but no cookies are set by the main domain visits (and yes the script is within the main domain pages as well). I have tested with firebug and firecookie.

This is my code on setting the cookies:

function setCookie(c_name,value) {
    var now = new Date();
    var time = now.getTime();
    time += 3600 * 1000;
    now.setTime(time);
    var c_value=escape(value);
    document.cookie=c_name + "=" + c_value + '; path=/;domain=.domain.com';
}

And this is my code on getting the cookie values:

function getCookie(c_name) {
    var i,x,y,ARRcookies=document.cookie.split(";");
    for (i=0;i<ARRcookies.length;i++) {
        x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
        y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
        x=x.replace(/^\s+|\s+$/g,"");
        if (x==c_name) {
            return unescape(y);
        }
    }
}
Ovidiu
  • 157
  • 13

2 Answers2

0

Do you your top-level users use a subdomain at all? Even "www"?

If not I think (and honestly it's a guess) the problem may be that your specifying that the cookie is valid in all subdomains, but NOT in the top-level domain. Try taking out the preceeding "dot".

For example if you're users are hitting "http://domain.com" then I don't think that cookie set for ".domain.com" will be returned. On the other hand if they're hitting "www.domain.com" then "www" is just another subdomain and all of this should work.

Make sense?

Jim Davis
  • 1,230
  • 6
  • 11
  • Well the final pages will only be from subdomain.domain.com. But the issue is that on the main domain.com no cookie gets set. From all literature on internet even here on stackoverflow the preceding dot seems to be mandatory so that subdomains can read cookies set on the top level domain. Am I mistaking? – Ovidiu Mar 12 '13 at 20:55
  • Well... the main question is, did you try removing it? As far as I know the entry a mask - if the mask is found at the end of the current domain it's "good" if not "bad". So - if that's correct - ".domain.com" would match "www.domain.com" and "sub.domain.com" but NOT "domain.com" – Jim Davis Mar 13 '13 at 19:26
  • No, because your solution is only partial. Cookies will probably be set to the top level domain but they won't be read by the subdomain. Am I right? – Ovidiu Mar 14 '13 at 07:51
  • Well - you'll never know unless you try. ;^) But they should - again, if I'm correct this is a just a simple pattern match: if the of the last characters of the current domain match the value in the "domain" value then the cookie will be set, if not they won't. So removing the period should allow cookies at the top-level domain and all subdomains. Again - assuming I'm correct. And, again, a simple test would confirm or reject the hypothesis. – Jim Davis Mar 14 '13 at 21:41
  • Hmm. The answer to this question seems to indicate that I'm wrong: [How do browser cookie domains work?](http://stackoverflow.com/questions/1062963/how-do-browser-cookie-domains-work). But the [IETF draft](http://tools.ietf.org/html/draft-ietf-httpstate-cookie-08#section-5.1.2) seems to back me. Specifically section 5.1.2. – Jim Davis Mar 14 '13 at 21:57
  • I did test it after my comment just to make sure. No cookie gets set on top level domain with or without the preceding dot. – Ovidiu Mar 15 '13 at 07:52
0

what a rookie mistake on my part. The set cookie function was called to early in the process and didn't set any cookies at all.

Thanks Jim Davis, your persistence made me look more closely to my code.

Ovidiu
  • 157
  • 13