Will the cookies be shared across multiple subdomains, if all subdomains point to the same single website?

Question

I would like to create website, which can behave differently based on subdomains.

If I set a certain cookie on subdomain A, can I read/access it on subdomain C? Or the cookie binds to the subdomain?

score 2 · Accepted Answer · answered Nov 05 '21 at 14:11

2

I suggest you read this question post, in summary it says that what's important is the domain parameter you define to set the cookie. What your looking for is something like this ".mydomain.com".

answered Nov 05 '21 at 14:11

Simon

56
6

Thank you, the linked post really helped! – birdemic Nov 05 '21 at 14:16

score 2 · Answer 2 · answered Nov 05 '21 at 14:17

When you set cookie, there is a Domain attribute. This is its explanation from MDN

Domain attribute The Domain attribute specifies which hosts can receive a cookie. If unspecified, the attribute defaults to the same host that set the cookie, excluding subdomains. If Domain is specified, then subdomains are always included. Therefore, specifying Domain is less restrictive than omitting it. However, it can be helpful when subdomains need to share information about a user.

For example, if you set Domain=mozilla.org, cookies are available on subdomains like developer.mozilla.org.

Basically, you just need to specify the Domain attribute in Set-Cookie.

Will the cookies be shared across multiple subdomains, if all subdomains point to the same single website?

2 Answers2