How do browser cookie domains work?

后端 未结 9 2064
逝去的感伤
逝去的感伤 2020-11-22 05:34

Due to weird domain/subdomain cookie issues that I\'m getting, I\'d like to know how browsers handle cookies. If they do it in different ways, it would also be nice to know

相关标签:
9条回答
  • 2020-11-22 05:53

    Will www.example.com be able to set cookie for .com?

    No, but example.com.fr may be able to set a cookie for example2.com.fr. Firefox protects against this by maintaining a list of TLDs: http://securitylabs.websense.com/content/Blogs/3108.aspx

    Apparently Internet Explorer doesn't allow two-letter domains to set cookies, which I suppose explains why o2.ie simply redirects to o2online.ie. I'd often wondered that.

    0 讨论(0)
  • 2020-11-22 05:57

    The RFCs are known not to reflect reality.

    Better check draft-ietf-httpstate-cookie, work in progress.

    0 讨论(0)
  • 2020-11-22 06:00

    I tested all the cases in the latest Chrome, Firefox, Safari in 2019.

    Response to Added:

    • Will a cookie for .example.com be available for www.example.com? YES
    • Will a cookie for .example.com be available for example.com? YES
    • Will a cookie for example.com be available for www.example.com? NO, Domain without wildcard only matches itself.
    • Will a cookie for example.com be available for anotherexample.com? NO
    • Will www.example.com be able to set cookie for example.com? NO, it will be able to set cookie for '.example.com', but not 'example.com'.
    • Will www.example.com be able to set cookie for www2.example.com? NO. But it can set cookie for .example.com, which www2.example.com can access.
    • Will www.example.com be able to set cookie for .com? NO
    0 讨论(0)
提交回复
热议问题