Cookies domain prepended with www.*

Question

I have a nginx setup with php for a client of mine. When I set a cookie I notice that it looks something like this:

.www.stackoverflow.com

But when I compare this to other websites, they set cookies with domain like this:

.stackoverflow.com

This means that a subdomain cannot share the cookie unless its something like subdomains.www.stackoverflow.com.

Do you know why they would want to keep theWhere is this .www.? I assume this is set based on the server_name in the nginx config too? Could I simply remove the "www"?

score 1 · Answer 1 · answered Nov 27 '19 at 10:06

1

The simple answer is cookies with a domain prefix are more secure due to a process known as domain matching. Refer to this Similar Question for more information.

answered Nov 27 '19 at 10:06

Floppy52

184
9

Cookies domain prepended with www.*

1 Answers1