127

Below is a JavaScript cookie that is written on the user's computer for 12 months.

After we set the cookie on our main domain such as example.com, should the user visit a subdomain like test.example.com, we need to continue to identify the activity of the user across our "test" subdomain.

But with the current code, as soon as they leave www.example.com and visit test.example.com, they are no longer flagged as "HelloWorld".

Would anyone be able to help with my code to allow the cookie to be read across subdomains?

```html
<script type="text/javascript">
  var cookieName = 'HelloWorld';
  var cookieValue = 'HelloWorld';
  var myDate = new Date();
  myDate.setMonth(myDate.getMonth() + 12);
  document.cookie = cookieName +"=" + cookieValue + ";expires=" + myDate;
</script>
```
Brett DeWoody
Evan

4 Answers

248

Just set the domain and path attributes on your cookie, like:

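```html
<script type="text/javascript">
var cookieName = 'HelloWorld';
var cookieValue = 'HelloWorld';
var myDate = new Date();
myDate.setMonth(myDate.getMonth() + 12);
// toUTCString() gives the date format the expires attribute expects.
// domain makes the cookie visible to example.com and its subdomains; path=/ covers every path.
document.cookie = cookieName +"=" + cookieValue + ";expires=" + myDate.toUTCString()
                  + ";domain=.example.com;path=/";
</script>
```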
aroth
  • 3
    I'm trying to do this in localhost and I cannot change path – Idrizi.A Jan 15 '13 at 10:01
  • 8
    @Enve - Browsers treat localhost cookies a bit differently than other cookies. Or rather, they treat all cookies in a way that makes working with _localhost_ difficult. For instance, see http://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain. I suggest editing your `hosts` file and aliasing something like `myserver.local` to `127.0.0.1`. Then you can use that to access your local server (and when setting cookies), and hopefully everything should work. – aroth Jan 16 '13 at 00:32
  • 4
    All cookie values you create & retrieve must be string values. Strings can contain characters that can upset the local storage when trying to retrieve them. One thing I would suggest is using the global `encodeURI()` & `decodeURI()` methods for the cookie name & value to handle any conversion that would need to take place. i.e. `document.cookie = encodeURI(cookieName) +"=" + encodeURI(cookieValue)`. – Dzeimsas Zvirblis Sep 24 '13 at 19:34
  • 2
    If your server-side code is written in C#, Rick Strahl provides a method for getting the base domain, e.g. example.com, from the domain at https://weblog.west-wind.com/posts/2012/Apr/24/Getting-a-base-Domain-from-a-Domain – CAK2 Nov 18 '16 at 21:31
  • Unfortunately `sub.example.com` cannot set cookie for `.example.com` using javascript – Marinos An Feb 19 '19 at 17:17
  • 1
    This doesn't seem to work for me. If I do this, followed by `console.log(document.cookes);` gives me a null return. Also nothing showing in browser storage. – geoidesic Jul 17 '22 at 23:34
43

You want:

```javascript
document.cookie = cookieName +"=" + cookieValue + ";domain=.example.com;path=/;expires=" + myDate;
```

As per the RFC 2109, to have a cookie available to all subdomains, you must put a . in front of your domain.

Setting the `path=/` will have the cookie be available within the entire specified domain (aka `.example.com`).

Tim S. Van Haren
Mike Lewis
  • FWIW - I think you need to remove the "path=expires=" piece and set it to "expires=". – malonso Jan 11 '12 at 15:13
  • 4
    As per the newer [RFC 6265](http://tools.ietf.org/html/rfc6265) it's no longer necessary to include the `.` in front of the domain. – Dan Jun 01 '15 at 15:32
10

Here is a working example:

```javascript
document.cookie = "testCookie=cookieval; domain=." + 
location.hostname.split('.').reverse()[1] + "." + 
location.hostname.split('.').reverse()[0] + "; path=/"
```

This is a generic solution that takes the root domain from the location object and sets the cookie. The reversing is because you don't know how many subdomains you have if any.

ic3b3rg
caseyjustus
  • 3
    This will not work if there is second level hierarchy of domain extension e.g. .co.in – Abhay Oct 08 '20 at 12:04
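
An added example (not from any of the answers on this page) of the RFC 6265 domain-match rule mentioned in the comments, and of finding the widest usable `domain` value without assuming a two-label root, which is where the snippet above breaks on `.co.in`. All function names are hypothetical, the hostnames are constructed samples, and `Secure` assumes the site is served over HTTPS.

```javascript
// Added example. Function names are hypothetical; hostnames are constructed samples.

// RFC 6265 domain-match (section 5.1.3): a cookie with Domain=cookieDomain is sent
// to host when the two are equal or host ends with "." + cookieDomain.
// A leading dot in the attribute is ignored (section 5.2.3).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Every suffix of the hostname except the bare TLD, narrowest first.
function candidateDomains(hostname) {
  const labels = hostname.toLowerCase().split('.');
  const out = [];
  for (let i = 0; i + 1 < labels.length; i++) out.push(labels.slice(i).join('.'));
  return out;
}

// Widest Domain the browser accepts. Browsers refuse a Domain that is a public
// suffix (co.in, co.uk, ...), so probing widest-first finds the registrable domain
// without hard-coding "last two labels". trySet(domain) must return true when a
// cookie with that Domain was actually stored.
function widestSettableDomain(hostname, trySet) {
  const found = candidateDomains(hostname).reverse().find(trySet);
  return found === undefined ? hostname : found;
}

// Browser-side trySet: write a probe cookie, check it stuck, then expire it.
function browserTrySet(domain) {
  const probe = '__probe=1; path=/; domain=' + domain;
  document.cookie = probe;
  const stored = document.cookie.split('; ').includes('__probe=1');
  document.cookie = probe + '; expires=Thu, 01 Jan 1970 00:00:00 GMT';
  return stored;
}

// Cookie string scoped to `domain` and every host below it.
// Secure assumes HTTPS; SameSite=Lax keeps it off cross-site subrequests.
function buildCookie(name, value, domain, expires) {
  return encodeURIComponent(name) + '=' + encodeURIComponent(value) +
    '; expires=' + expires.toUTCString() +
    '; domain=' + domain + '; path=/; Secure; SameSite=Lax';
}
```

In a page this would be used as `document.cookie = buildCookie(cookieName, cookieValue, widestSettableDomain(location.hostname, browserTrySet), myDate)`. A cookie scoped this way is sent to, and can be overwritten by, every host under that domain, so it suits a visitor flag like this one better than anything an authentication decision depends on.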
3

You can also use the Cookies API and do:

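```javascript
// WebExtensions cookies API: available only to extension code with the "cookies" permission.
var myDate = new Date();
myDate.setMonth(myDate.getMonth() + 12);
browser.cookies.set({
  url: 'https://example.com/',   // must be a full URL, including the scheme
  name: 'HelloWorld',
  value: 'HelloWorld',
  expirationDate: Math.floor(myDate.getTime() / 1000)   // seconds since the UNIX epoch
});
```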

MDN Set() Method Documentation

rebagliatte