Cookie less subdomain

Question

i have website

example.com

and cname subdomain

static.example.com

for css/js/img files, to load without cookies in header

im using codeigniter to set cookies, config.php

$config['cookie_domain']    = "example.com";  //not  .example.com

but when im open google chrome console it says that cookies is set to .example.com

is everything okey? i mean this cookies is set for subdomains anyway?

im using codeigniter built-in cookies, im loading it with autoloader helper.

and setting cookies like that

$cookie = array(
    'name'   => 'lang',
    'value'  => $lang,
    'expire' => '86500',
    'path'   => '/',
    'secure' => FALSE
);
set_cookie($cookie);

Could you show the code you are using to set the cookie please? Or are you talking about the CodeIgniter session cookie? — thatidiotguy, Feb 05 '16 at 20:55

score 0 · Answer 1 · edited May 23 '17 at 11:52

0

Yes, this should be fine. An initial . on the domain means that the cookie applies to the domain and all subdomains. If the cookie domain were just example.com, it wouldn't apply to static.example.com. See What does the dot prefix in the cookie domain mean?

edited May 23 '17 at 11:52

Community

1
1

answered Feb 05 '16 at 21:07

Barmar

741,623
53
500
612

so my goal to load website little bit fast and use static cname subdomain for css/img/js files, static.example.com is works? ex: load style.css file like that http://static.example.com/assets/css/style.css – Gia Nebieridze Feb 05 '16 at 21:09
This is just about cookies, it has nothing to do with how relative URLs are interpreted. – Barmar Feb 05 '16 at 21:20
This is not true... a cookie on domain.com with or without dot, will apply to all subdomains: `http://www.phpied.com/www-vs-no-www-and-cookies/` – peixotorms Feb 05 '16 at 21:30
@peixotorms I think what's going on there is that PHP's `setcookie()` converts `domain.com` as `.domain.com`. When I look at the domain cookies in DevTools, they have a dot at the beginning. – Barmar Feb 05 '16 at 21:40

score 0 · Answer 2 · answered Feb 05 '16 at 21:11

0

You should generally use a second domain name (for example, Stack Exchange uses sstatic.net). While you control your own cookies, if you're using things like Google Analytics they're generally going to set cookies as permissively as possible and you'll wind up with it being a cookied domain after all.

answered Feb 05 '16 at 21:11

ceejayoz

176,543
40
303
368

so. i nede new domain name not subdomain to get working static cname? – Gia Nebieridze Feb 05 '16 at 21:15
unless you use www.domain.com for your main site, yes. You need another domain. – peixotorms Feb 05 '16 at 21:17
@GiaNebieridze It's the most fool-proof way. Especially if you put a CDN in front of it that drops all cookie headers for you to ensure one is **never** set. – ceejayoz Feb 05 '16 at 21:17

score 0 · Answer 3 · answered Feb 05 '16 at 21:15

0

When you set a cookie on .domain.com, it's valid for all sudomains. If you really need to do this, you must use www.domain.com and set cookie explicitly for www.domain.com

If you have multiple sites and you want this feature, you could register another domain name somecdn-lookalike-name.com, to serve static content only (with nginx) and because you set cookies on .domain.com, your new domain name won't have any.

answered Feb 05 '16 at 21:15

peixotorms

1,246
1
10
21

when im setting cookies domain to www.example.com, cookies stops working – Gia Nebieridze Feb 05 '16 at 21:18
Did you change the root url on your website to add www? Are you seeing www.domain.com on your browser when you set the cookies? Are you checking if the cookies are working on a www.domain.com/page (note the www in the browser)? – peixotorms Feb 05 '16 at 21:26
i have htaccess redirect www.example.com to example.com so i only see adress without www – Gia Nebieridze Feb 05 '16 at 21:47

Cookie less subdomain

3 Answers3