Contents
Cooking Sharing Between Subdomains (Shared-Session SSO) Browser cookies can be shared across subdomains if their domain flag is set to a common parent domain. In this case, the cookie will be sent for any subdomain of facebook.com .
How can I create a domain without www?
Without the ‘www’, you must set your root (non-www) domain DNS A-record to point at your web server’s IP address. This can be too rigid if you encounter availability or performance issues; the A-record is fixed and can take a day or two for changes to propagate.
localhost: You can use: domain: “. app. localhost” and it will work. The ‘domain’ parameter needs 1 or more dots in the domain name for setting cookies.
Can a cookie be set on a subdomain?
However, modern browsers respect the newer specification RFC 6265, and will ignore any leading dot, meaning you can use the cookie on subdomains as well as the top-level domain. In summary, if you set a cookie like the second example above from example.com, it would be accessible by foo.example.com, and vice versa.
How to set a cookie on a domain?
Sometimes this can be accomplished by using sub-domains, such as media.domain.com, or static.domain.com, however if you set a cookie on domain.com that applies to the domain as a whole – a cookie for *.domain.com – then this cookie will be sent by the client back to the server on every request for every domain associated with domain.com.
To have a cookieless domain you have to make sure your application running on that domain doesn’t set any cookies. This usually means not having logins, not having google analytics, not having sessions – i.e just serving media and nothing else. Obviously this depends on your setup.
You’ll likely find that in fact most sites are using some combination of Set-Cookie from the older RFC spec with “Host” values, implicitly without a leading dot (as twitter.com does) or setting Domain values (with a leading dot) and redirecting to a server like www.example.com (as google.com does).